A threat actor allegedly scraped nearly 500,000 Fortinet VPN user credentials from unsecured devices, then shared them on his newly launched hacker forum.
The individual who leaked the hacked credentials gathered them from unprotected devices last summer. Many of these credentials were still valid and were gathered from unpatched Fortinet firewalls.
The leaker’s file contained 498,908 usernames and passwords that were scraped from 12,856 devices.
According to BleepingComputer, the author of the leak is known as ‘Orange.’ They are a former member of the Babuk ransomware gang and the current administrator of the recently launched RAMP hacker forum, which is where the leak was posted for free. This was presumably done in order to promote their new forum.
The forum has since been partially taken down; the only data left on it is the leaked data.
It is currently unknown whether any of these credentials were used, or whether VPN credentials were used to access company data.
To Prevent This
The best way to prevent attacks like this is to ensure your firewalls are up-to-date and secured. Fortinet firewalls have been breached in the past; just last year over 50,000 usernames, passwords, and firewall IPs were exposed to the public.
It is our recommendation to ensure your firewalls are up-to-date and that your staff follows NIST (National Institute of Standards and Technology) guidelines to ensure sensitive data is correctly handled. In addition, all devices accessing company data should be monitored and protected by the company to limit the risk.
Reach out to us today if you have any questions regarding your firewall’s security or what the best policies are to roll out to your company.