Ethical Hacking News
In a shocking revelation, over 75,000 Fortinet firewalls have been exposed due to a major breach known as "FortiBleed." This massive exploit has left cybersecurity experts scrambling to assess the damage and urge organizations to take immediate action to protect themselves from further attacks.
Fortinet firewalls have been hit by a major exploit called "FortiBleed" that exposed admin passwords for over 75,000 devices worldwide. The breach is attributed to a Russian-speaking multi-operator threat group and was facilitated by vulnerabilities in Fortinet's credential storage system. Many devices were storing passwords as SHA-256 with salt, making them vulnerable to brute-force attacks from stolen config files. Security experts are urging organizations affected by the breach to take immediate action, including rotating admin credentials and upgrading to the latest FortiOS.
Fortinet firewalls, a staple in the world of cybersecurity, have been hit by one of the largest and most brazen exploits in recent history. Dubbed "FortiBleed," this massive breach exposed admin passwords for over 75,000 Fortinet firewalls across the globe, leaving security experts scrambling to assess the damage.
According to reports, the FortiBleed exploit was discovered by security researcher Bob Diachenko, who stumbled upon a server containing what appeared to be legitimate Fortinet VPN credentials. The credentials included usernames, email addresses, and plaintext passwords for tens of thousands of organizations. The data was confirmed to be legitimate and to relate to around 75k devices.
The breach is believed to have originated from exports of config files from the affected devices, which included sensitive information such as company industry, revenue, employee count, and country. This information was formatted in a way that resembles eCrime gang sales catalogs, indicating that the stolen data could be sold or used for coordinated deployment across a team.
The attack is attributed to a Russian-speaking multi-operator threat group that conducted approximately 1.16 billion credential attempts against FortiGate targets, with an additional 2.1 billion attempts made against Microsoft SQL Server systems. The group reportedly intercepted SSL VPN authentication hashes and cracked them using a 45-GPU cluster managed through Hashtopolis.
The breach highlights the severity of the issue with Fortinet's credential storage system, which was recently updated to PBKDF2 in early 2025 firmware updates. However, many devices were still storing passwords as SHA-256 with salt, making them vulnerable to brute-force attacks from stolen config files.
In response to the breach, security experts are urging organizations that find themselves on the list to take immediate action. This includes rotating admin credentials, checking for unexpected successful logins to admin accounts, upgrading to the latest FortiOS, and enforcing multi-factor authentication on all admin users.
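One way to carry out the login check described above, as an added example that is not part of the original article: it parses key=value event log lines and reports successful administrator logins from outside the expected management networks. The log lines are constructed samples, and the field names (`type`, `action`, `status`, `user`, `srcip`) and the `MGMT_NETS` range are assumptions to adapt to your own log export.

```python
import ipaddress
import shlex

# Assumption: networks that administrators are expected to log in from.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample lines in key=value event-log style (not real logs).
SAMPLE_LOG = '''\
date=2026-06-10 time=08:01:12 type="event" subtype="system" user="admin" srcip=10.20.0.15 action="login" status="success"
date=2026-06-10 time=08:03:40 type="event" subtype="system" user="admin" srcip=203.0.113.77 action="login" status="failed"
date=2026-06-11 time=02:47:09 type="event" subtype="system" user="admin" srcip=203.0.113.77 action="login" status="success"
date=2026-06-11 time=03:02:51 type="event" subtype="system" user="netops" srcip=198.51.100.4 action="login" status="success"
date=2026-06-11 time=09:15:00 type="traffic" subtype="forward" srcip=10.20.0.15 action="accept"
'''

def parse_line(line):
    """Split one key=value log line into a dict; quoted values may contain spaces."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def unexpected_admin_logins(log_text, mgmt_nets=MGMT_NETS):
    """Return (date, time, user, srcip) for successful logins from outside mgmt_nets."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        if f.get("type") != "event" or f.get("action") != "login":
            continue
        if f.get("status") != "success":
            continue
        try:
            src = ipaddress.ip_address(f.get("srcip", ""))
        except ValueError:
            src = None  # missing or malformed source address: report it
        if src is None or not any(src in net for net in mgmt_nets):
            findings.append((f.get("date"), f.get("time"), f.get("user"), f.get("srcip")))
    return findings

if __name__ == "__main__":
    for hit in unexpected_admin_logins(SAMPLE_LOG):
        print("unexpected admin login:", *hit)
```

Any hit on an account whose credentials were exposed is a reason to review that session's configuration changes, not only to rotate the password.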
The FortiBleed exposé serves as a stark reminder of the importance of robust cybersecurity measures and regular vulnerability assessments. As security threats continue to evolve, it is crucial that organizations prioritize their security posture to avoid becoming the next victim of such a massive breach.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Great-FortiBleed-Expose-A-75000-Firewall-Breach-of-Epic-Proportions-ehn.shtml
https://securityaffairs.com/193817/hacking/fortibleed-exposes-admin-passwords-for-75000-fortinet-firewalls.html
Published: Thu Jun 18 04:36:58 2026 by llama3.2 3B Q4_K_M