Tech News

Massive breach spills credentials for thousands of sensitive networks

Why This Matters

This massive breach of Fortinet firewalls exposes critical vulnerabilities in global network security, putting thousands of organizations at risk of unauthorized access and potential cyberattacks. It highlights the urgent need for enhanced cybersecurity measures and vigilance among both enterprises and consumers to protect sensitive data and infrastructure. The incident underscores the importance of robust security protocols in an increasingly interconnected world.

Key Takeaways

Researchers have uncovered a massive breach of Fortinet firewalls that has given Russian-speaking attackers near-unrestricted access to some of the world’s largest and most powerful organizations, including Oracle, Chevron, Lenovo, Federal Express, a NATO defense contractor, and Fortinet itself.

Nearly 74,000 Fortinet devices from more than 21,000 IP addresses in 194 countries have been compromised and their plaintext credentials exposed online, Bob Diachenko, a security researcher and head of SecurityDiscovery.com, said online and in an interview. He said he found the data after gaining access to the attackers’ command-and-control server and other infrastructure. The exposed data also included the industry, revenue, and employee count for each compromised organization.

Exceptional scale, poor opsec

Independent researcher Kevin Beaumont reported that “almost all” of the compromised devices remained online as of Wednesday morning. He went on to say that he has confirmed with multiple organizations found in the attackers’ logs that the credentials are real and current. In many cases, once the threat actors compromised the devices, they went on to access affected organizations’ centralized authentication systems, such as RADIUS servers and Microsoft Active Directory. The number of compromised devices amounts to roughly half of all Internet-facing Fortinet firewalls, based on Shodan polling.

“The scale of this breach touches nearly every sector of the global economy, sparing no industry,” researchers from Hudson Rock, a security firm that also analyzed the data, wrote. “The threat actors have built a verified database of working credentials for some of the largest enterprises on the planet.”

Diachenko, Beaumont, and Hudson Rock all urged Fortinet users to investigate their networks immediately for signs of compromise. Hudson Rock provided this search engine for locating affected domains.

The scale of the operation is exceptional. The threat actor, which Diachenko said was criminally motivated, started by mass-scanning the Internet for FortiGate remote login endpoints. The attackers then used a custom binary with 25,000 threads to spray hundreds of thousands of those endpoints with thousands of login and password combinations. Each successful attempt gave the attackers a “network tap inside the organization.”
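The spray pattern described above, many different usernames tried against one device from one source in a short window and then a success, is what a defender would hunt for in firewall admin-login logs. The following detector is an added example, not code from the article or from Fortinet; it runs over constructed sample lines in the key=value style of FortiGate event logs, and the field names (`action`, `status`, `user`, `srcip`) are assumptions to check against your firmware's log reference.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample in the key=value style of FortiGate event logs. The field
# names are assumptions; verify them against your firmware's log reference.
SAMPLE_LOGS = """\
date=2026-01-14 time=09:00:01 type="event" subtype="system" action="login" status="failed" user="admin" srcip=203.0.113.7
date=2026-01-14 time=09:00:02 type="event" subtype="system" action="login" status="failed" user="fortinet" srcip=203.0.113.7
date=2026-01-14 time=09:00:03 type="event" subtype="system" action="login" status="failed" user="support" srcip=203.0.113.7
date=2026-01-14 time=09:00:04 type="event" subtype="system" action="login" status="failed" user="maint" srcip=203.0.113.7
date=2026-01-14 time=09:00:05 type="event" subtype="system" action="login" status="success" user="backup" srcip=203.0.113.7
date=2026-01-14 time=09:05:00 type="event" subtype="system" action="login" status="failed" user="jsmith" srcip=198.51.100.9
date=2026-01-14 time=09:05:30 type="event" subtype="system" action="login" status="success" user="jsmith" srcip=198.51.100.9
"""

def parse_line(line):
    """Turn one key=value log line into a dict; quoted values lose their quotes."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    fields["ts"] = datetime.strptime(fields["date"] + " " + fields["time"], "%Y-%m-%d %H:%M:%S")
    return fields

def detect_spray(log_text, window=timedelta(minutes=10), min_users=3):
    """Return {srcip: report} for sources that failed logins for >= min_users
    distinct usernames within `window`, noting any success inside that window."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        if e.get("action") == "login":
            by_src[e["srcip"]].append(e)
    reports = {}
    for src, evs in by_src.items():
        for i, e in enumerate(evs):
            if e["status"] != "failed":
                continue
            win = [x for x in evs[i:] if x["ts"] - e["ts"] <= window]  # events in the window
            users = {x["user"] for x in win if x["status"] == "failed"}
            if len(users) >= min_users:
                hits = [x["user"] for x in win if x["status"] == "success"]
                reports[src] = {"distinct_users": len(users), "success_after_spray": hits}
                break
    return reports

if __name__ == "__main__":
    for src, rep in detect_spray(SAMPLE_LOGS).items():
        print(f"{src}: {rep}")
```

A single user failing once and then succeeding (198.51.100.9) is left alone; a source cycling through several usernames and then landing a success is the case to escalate, and the account named in `success_after_spray` is the one whose sessions and downstream RADIUS/AD activity to review.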