Security researchers have uncovered a sprawling cache of stolen credentials for Fortinet firewalls, exposing login details for tens of thousands of organisations around the world.
The dataset, dubbed “FortiBleed,” contains plaintext usernames, emails and passwords for 73,932 unique Fortinet FortiGate firewall and VPN devices across 194 countries, touching more than 21,000 domains. Researchers estimate that is roughly half of all Fortinet firewalls currently exposed to the internet.
The names appearing in the data read like a roll call of global industry: Oracle, Chevron, Lenovo, FedEx, Foxconn, Samsung, Comcast, Siemens, PwC and Accenture among them, alongside a NATO defence contractor. According to Ars Technica, Fortinet itself appears in the list.
No flashy zero-day, just industrial password-cracking
One instructive part of FortiBleed is what it did not involve: there is no sign of a dazzling new flaw in Fortinet’s software.
