Scopeora News & Life ← Home
Technology

Tens of thousands of Fortinet firewalls reportedly exposed in global credential-based attack

Fortinet firewalls and VPNs are reportedly exposed in a global credential-based campaign, highlighting the growing importance of password hygiene in enterprise security.

Two cybersecurity firms say a large-scale campaign has affected tens of thousands of Fortinet firewalls and VPN devices used by major organizations worldwide. The operation, known as FortiBleed, appears to rely less on a new software flaw and more on reused or exposed passwords.

According to the reports, attackers first scan the internet for internet-facing Fortinet systems, then try credentials already circulating in hacker databases. Once inside, they can observe network traffic and collect additional login details, creating a cycle that expands the reach of the campaign.

Hudson Rock estimates that more than 73,000 unique Fortinet URLs may have been compromised, while SOCRadar places the number of affected devices above 30,000. The companies say victims span multiple regions, with India, the United States, Taiwan, and Mexico among the most affected countries.

The reports also point to a broad industrial footprint, including IT services, construction materials, telecommunications, and public-sector organizations. Among the companies named in Hudson Rock's findings are Accenture, Comcast, Foxconn, Lenovo, Oracle, Samsung, Siemens, and PwC.

Security researcher Bob Diachenko first highlighted the campaign, and independent researcher Kevin Beaumont later said the data appears authentic. Fortinet has not publicly commented on the findings.

The case underscores how basic credential hygiene can be as critical as advanced technical defenses, and it may accelerate stronger identity protection practices across enterprise networks in the future.