Skip to content
Tech News
← Back to articles

CISA warns Fortinet users to secure devices after FortiBleed leak

2026-06-19 | original
read original more articles
Why This Matters

The FortiBleed leak highlights significant cybersecurity vulnerabilities in Fortinet devices, exposing nearly 74,000 credentials and risking widespread cyberattacks across government and private sectors. This incident underscores the importance of robust security practices and timely updates to protect critical infrastructure and sensitive data. For consumers and organizations, it emphasizes the need for proactive security measures to prevent exploitation by malicious actors.

Key Takeaways

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged Fortinet customers to secure their devices after nearly 74,000 firewall and VPN credentials were exposed in a data leak dubbed "FortiBleed."

This warning comes after threat actors used compromised credentials to target internet-accessible Fortinet devices across government and private-sector organizations worldwide.

"CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials," it said. "This activity, referred to as FortiBleed, involves the exposure of leaked credentials associated with approximately 74,000 Fortinet devices, including firewalls and virtual private network (VPN) gateways."

The agency called on affected FortiGate appliance owners to terminate all SSL VPN and administrative sessions, reset all VPN and administrative passwords, enable phishing-resistant multifactor authentication, and review logs for signs of unauthorized access or lateral movement.

CISA also advised Fortinet customers to store admin credentials using the modern Password-Based Key Derivation Function 2 (PBKDF2) hashing algorithm, and to restrict firewall management interfaces from public internet access and remove any unauthorized accounts to reduce the attack surface as much as possible.

Credentials for over 73K firewalls exposed

The FortiBleed data leak was uncovered by security researcher Volodymyr "Bob" Diachenko, who discovered a server containing what appeared to be valid Fortinet VPN credentials, including usernames, email addresses, and plaintext passwords for 73,932 firewall URLs worldwide.

The exposed data also includes each organization's industry, revenue, and employee count, which Diachenko said appeared to be compiled to assist in planning future attacks.

Threat intelligence company Hudson Rock, which also analyzed the dataset, described it as one of the largest known collections of compromised Fortinet credentials, spanning 21,632 unique domains and 194 countries.

​Among the organizations represented in the dataset are Samsung, Mercedes-Benz, Foxconn, Chevron, Comcast, AT&T, and Toyota, along with many government agencies and critical infrastructure operators across telecommunications, healthcare, financial services, and manufacturing industry sectors.

... continue reading

Explore topics: fortinet fortibleed cisa vpn firewall
Related:
Telegram ban in India sparks a rush to VPNs, rival apps
Save a huge 85% on a two-year Surfshark VPN subscription for your home or office and grab three extra months free — huge $436 discount on full privacy suite with antivirus protection, ad blocking and unlimited simultaneous connections for just $75
NordVPN Coupons: 75% Off, Plus 3 Months Free in June 2026
Massive breach spills credentials for thousands of sensitive networks
Cybercriminals allegedly hacked tens of thousands of Fortinet firewalls used by major companies all over the world

© 2026 GoKawiil

About | Editorial Policy | Contact