Half a million Fortinet VPN passwords leaked online
Fortinet VPN users advised to change their passwords immediately
A cybercriminal has released credentials associated with almost half a million Fortinet VPN accounts online.
The account information was supposedly scraped from Fortinet devices, by exploiting a security vulnerability that first came to light in 2019. Although many months have elapsed since a patch was released, many of the credentials remain current, the hacker claims.
The data was made public by a threat actor known as Orange, who has a previous affiliation with the Babuk ransomware operation.
TechRadar Pro has asked Fortinet to verify the authenticity of the data, but has not yet received a response.
Fortinet VPN leak
A link to the data was posted to a new underground forum called Ramp, which Orange now administrates. Commentators have suggested the release of Fortinet VPN account details was a promotional stunt designed to attract new members.
“We believe with high confidence the VPN SSL leak was likely accomplished to promote the new RAMP ransomware forum offering a ‘freebie’ for wannabe ransomware operators,” Vitali Kremez, VTO at AdvancedIntel, told Bleeping Computer.
The VPN credentials are hosted on a Tor storage server linked with ransomware group Groove, which was launched only recently. The group has only one known victim to date, but may be looking to use the disclosure as a launchpad for its ransomware-as-a-service operation.
While data breaches of all kinds should be taken seriously, the compromise of VPN accounts is particularly concerning, due to the opportunity for attackers to access secure networks, from which position they could inject malware or exfiltrate sensitive data.
Although the authenticity of the Fortinet VPN credentials has not yet been confirmed, administrators are still advised to take precautionary steps, such as asking users to reset their passwords and checking closely for signs of infiltration.
Update: Fortinet has since provided the following statement:
“The security of our customers is our first priority. Fortinet is aware that a malicious actor has disclosed SSL-VPN credentials to access FortiGate SSL-VPN devices. The credentials were obtained from systems that have not yet implemented the patch update provided in May 2019.”
“Since May 2019, Fortinet has continuously communicated with customers urging the implementation of mitigations, including corporate blog posts in August 2019, July 2020, April 2021 and June 2021. For more information, please refer to our latest blog. We will be issuing another advisory strongly recommending that customers implement both the patch upgrade and password reset as soon as possible.”
Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.