Thousands of Fortinet VPN Account Credentials Leaked

[silversurfer]

Credentials pilfered from 87,000 unpatched Fortinet SSL-VPNs have been posted online, the company has confirmed.
 
Or then again, maybe the number is far greater. On Wednesday, BleepingComputer reported that it’s been in touch with a threat actor who leaked a list of nearly half a million Fortinet VPN credentials, allegedly scraped from exploitable devices last summer.
 
The news outlet has analyzed the file and reported that it contains VPN credentials for 498,908 users over 12,856 devices. BleepingComputer didn’t test the credentials but said that all of the IP addresses check out as Fortinet VPN servers.
 
According to analysis done by Advanced Intel, the IP addresses are for devices worldwide. As the chart below shows, there are 22,500 victimized entities located in 74 countries, with 2,959 of them being located in the US.

UPDATE: Threatpost reached out to Fortinet for  clarification on how many devices were compromised. A spokesperson’s reply  reiterated the statement put out on Wednesday:
 
“The security of our customers is our first priority. Fortinet is aware that a malicious actor has disclosed on a dark web forum, SSL-VPN credentials to access FortiGate SSL-VPN devices.  The credentials were obtained from systems that have not yet implemented the patch update provided in May 2019.  Since May 2019, Fortinet has continuously communicated with customers urging the implementation of mitigations, including corporate blog posts in August 2019, July 2020, April 2021 and June 2021 For more information, please refer to our latest blog and PSIRT advisory.  We strongly urge customers to implement both the patch upgrade and password reset as soon as possible.”

Read more: Thousands of Fortinet VPN Account Credentials Leaked | Threatpost