News in Short
- FortiBleed has reportedly compromised tens of thousands of Fortinet firewalls and VPN devices worldwide.
- Cybersecurity researchers say attackers relied on stolen and previously leaked passwords rather than a new software vulnerability.
- Major companies including Accenture, Lenovo, Samsung, Oracle, Foxconn, Comcast, Siemens, and PwC have been linked to affected systems.
- India is among the countries with the highest number of impacted devices, alongside the United States, Taiwan, and Mexico.
A massive cybersecurity campaign known as FortiBleed has reportedly compromised tens of thousands of Fortinet firewalls and VPN gateways used by organizations around the world. Researchers say the attackers did not exploit a newly discovered software flaw. Instead, they gained access using previously leaked credentials and weak password practices, exposing a widespread security problem across industries.
The scale of the incident has quickly turned Fortinet into one of the most talked-about topics in cybersecurity this week. Security firms tracking the activity believe the campaign remains active and could continue spreading if organizations fail to secure internet-facing devices.
What Is FortiBleed and Why Is It Making Headlines?
FortiBleed is the name given to an ongoing cyberattack campaign targeting Fortinet firewalls and VPN systems. According to cybersecurity companies Hudson Rock and SOCRadar, attackers are scanning the internet for exposed Fortinet devices and attempting to log in using credentials already known to cybercriminals.
Unlike many recent large-scale cyberattacks, this operation does not appear to rely on a newly discovered vulnerability. Instead, researchers say it exploits a more basic weakness: organizations continuing to use compromised or recycled passwords on critical security infrastructure.
That distinction makes the incident especially significant. It highlights how even advanced security products can become entry points when identity and password management practices fail.
How Did the Attackers Gain Access?
Researchers say the attack follows a relatively straightforward process.
First, automated tools search the internet for publicly accessible Fortinet firewalls and VPN gateways. Once a device is identified, attackers attempt to authenticate using lists of usernames and passwords that have surfaced in previous breaches, malware infections, or credential leaks.
When access is successful, the compromised device becomes a valuable intelligence source.
SOCRadar explained that attackers can monitor traffic passing through affected systems and collect additional credentials used by employees and administrators. Those newly harvested credentials are then reused against other devices and organizations, creating a self-reinforcing cycle of compromise.
This approach allows attackers to expand their reach without relying on sophisticated exploits or zero-day vulnerabilities.
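The scan-then-stuff sequence described above leaves a recognizable trace in a device's authentication logs: one source address failing against many different accounts in a short window, then succeeding. The following is an added detection example, not code from the researchers or from Fortinet; the event shape, the sample events and the thresholds are constructed assumptions and do not mirror any vendor's native log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events in a simplified, vendor-neutral
# shape (not FortiGate's native log format): timestamp, source IP, username, outcome.
SAMPLE_EVENTS = [
    ("2024-06-01T08:00:01", "203.0.113.7", "j.smith", "failed"),
    ("2024-06-01T08:00:03", "203.0.113.7", "admin", "failed"),
    ("2024-06-01T08:00:05", "203.0.113.7", "m.lee", "failed"),
    ("2024-06-01T08:00:08", "203.0.113.7", "r.patel", "failed"),
    ("2024-06-01T08:00:11", "203.0.113.7", "a.garcia", "failed"),
    ("2024-06-01T08:00:14", "203.0.113.7", "k.wong", "success"),
    # a legitimate user mistyping once, then logging in: must not alert
    ("2024-06-01T08:05:00", "198.51.100.4", "k.wong", "failed"),
    ("2024-06-01T08:05:30", "198.51.100.4", "k.wong", "success"),
]

def detect_credential_stuffing(events, min_users=5, window=timedelta(minutes=10)):
    """Return {src_ip: sorted usernames that authenticated successfully} for every
    source that failed against at least `min_users` distinct accounts within
    `window` and then logged in successfully from the same address."""
    per_src = defaultdict(list)
    for ts, src, user, result in events:
        per_src[src].append((datetime.fromisoformat(ts), user, result))
    alerts = {}
    for src, evs in per_src.items():
        evs.sort()
        failures = []  # (time, user) failures still inside the sliding window
        compromised = set()
        for t, user, result in evs:
            # expire failures older than the window before evaluating this event
            failures = [(ft, fu) for ft, fu in failures if t - ft <= window]
            if result == "failed":
                failures.append((t, user))
            elif len({fu for _, fu in failures}) >= min_users:
                compromised.add(user)
        if compromised:
            alerts[src] = sorted(compromised)
    return alerts

if __name__ == "__main__":
    for src, users in detect_credential_stuffing(SAMPLE_EVENTS).items():
        print(f"{src}: many-account failures followed by successful login as {users}")
```

A hit from this rule is a candidate for immediate credential reset and MFA enforcement on the account, since the success after a spray is exactly the point at which the device becomes the traffic-monitoring foothold the researchers describe.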
How Many Fortinet Devices Have Been Affected?
The exact number remains unclear, but estimates suggest the impact is significant.
Hudson Rock reported evidence indicating that more than 73,000 unique Fortinet-related URLs may have been compromised. Meanwhile, SOCRadar estimated that over 30,000 devices have been affected.
The difference in figures likely reflects varying methodologies and datasets. However, both assessments point to one conclusion: the campaign has reached a global scale.
Security researcher Bob Diachenko first reported the discovery of the exposed credential dataset. Independent cybersecurity researcher Kevin Beaumont later analyzed the information and stated that the data appeared legitimate, adding further credibility to the findings.
Which Companies and Countries Are Impacted?
Hudson Rock identified evidence connecting affected systems to several globally recognized organizations. The list includes Accenture, Comcast, Foxconn, Lenovo, Oracle, Samsung, Siemens, and PwC.
At the time of reporting, most companies had not publicly commented on the findings. Lenovo acknowledged receiving media inquiries but did not provide additional details.
The geographic distribution is equally notable.
Researchers say India, the United States, Taiwan, and Mexico currently account for some of the highest concentrations of affected devices. However, victims have reportedly been identified across multiple regions and sectors worldwide.
Industries most frequently appearing in the data include IT services, telecommunications, and construction-related businesses. Government agencies are also believed to be among the impacted organizations.
What Has Fortinet Said About the Incident?
Fortinet has acknowledged awareness of reports describing a credential-harvesting campaign targeting its firewall and VPN products.
According to the company, its analysis suggests the activity involves the reuse of data collected from previous incidents and brute-force attempts against credentials. Fortinet stated that the campaign does not appear to be connected to a newly disclosed security vulnerability or recent advisory.
This distinction is important because it shifts attention away from software flaws and toward operational security practices such as password hygiene, credential monitoring, and multifactor authentication.
Why Does This Attack Matter?
The FortiBleed campaign demonstrates a growing reality in cybersecurity: attackers do not always need advanced exploits to gain access.
Many organizations invest heavily in network security technologies while overlooking basic account protection measures. Reused passwords, exposed credentials, and insufficient authentication controls can create opportunities for attackers even when systems are fully patched.
The incident also underscores the risks associated with internet-facing infrastructure. Firewalls and VPN gateways often sit at the edge of corporate networks, making them attractive targets because successful access can provide visibility into sensitive traffic and internal systems.
As attackers continue to automate credential-based attacks, organizations face increasing pressure to monitor exposed credentials, enforce strong password policies, and adopt multifactor authentication across critical systems.
Conclusion
The Fortinet security crisis linked to the FortiBleed campaign serves as a reminder that cybersecurity threats are not always driven by sophisticated vulnerabilities. Researchers believe tens of thousands of devices have been compromised through leaked credentials and weak password management practices. As investigations continue, FortiBleed is likely to remain a major cybersecurity story, especially as organizations worldwide assess whether their own Fortinet systems may have been affected.