FortiBleed Exposes Admin Passwords for 75,000 Fortinet Firewalls
https://securityaffairs.com/193817/hacking/fortibleed-exposes-admin-passwords-for-75000-fortinet-firewalls.html

Publish Date: 2026-06-18 04:13:00

Source Domain: securityaffairs.com

Pierluigi Paganini
June 18, 2026

FortiBleed: Admin Passwords for 75,000 Fortinet Firewalls Are Out in the Wild. Half the Internet-Facing Fortinets on the Planet.

Security researcher Bob Diachenko found a server sitting open on the internet containing what appeared to be valid Fortinet VPN credentials, including usernames, email addresses, and plaintext passwords for tens of thousands of organizations. He posted about it on LinkedIn. Kevin Beaumont, one of the most trusted independent voices in network security, then obtained the dataset, worked through it with Hudson Rock, and confirmed what nobody wanted to hear.

“Massive Fortinet/FortiGate bruteforce/active exploitation campaign uncovered in action. Thousands of top vendors’ instances are listed in the files like this (see screenshot). This one alone has 21,634 domain names – from Chevron to Fortinet itself. All – with potentially working passwords to the FortiGate appliances obtained through various means,” Bob Diachenko wrote on LinkedIn.
“Crooks use sophisticated hash-cracking approach to get the plaintext passwords from the Fortigate configs and use them consequently in the internal network movement and takeover.”

Kevin Beaumont confirmed that the data is genuine and covers around 75,000 devices.

“The data is legit. It is around 75k devices. Almost all are still online, and Fortinet devices. It appears to be recent data.” reads the analysis published by Beaumont. “The data appears to have come from exports of config from the devices, as it includes things which are only visible from the device itself.”

Beaumont verified credentials at multiple organizations in the dataset personally and found them working. The IP addresses in this collection are largely different from the 2025 Belsen Group leak, which covered…
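Beaumont's observation that the data came from config exports is the actionable point for defenders: a FortiGate CLI backup carries its stored secrets (admin passwords, local VPN user passwords, LDAP bind passwords, IPsec pre-shared keys) as `ENC`-marked values, so a leaked export means rotating every one of them, not just the admin account the headline names. The following is an added example, not code from the article, from Beaumont, Diachenko or Fortinet: it parses a constructed config fragment written in FortiGate's `config`/`edit`/`set`/`next`/`end` syntax and lists the entries whose secrets must be rotated. The set of secret-bearing keys is an assumption covering the common cases; extend it for your firmware, and treat any value without the `ENC` marker (possible in a hand-edited fragment) as cleartext.

```python
"""Inventory credential-bearing entries in a FortiGate CLI config export."""
import re
from typing import List, NamedTuple, Tuple

# Constructed sample in FortiGate CLI backup syntax; values are placeholders,
# not material from the leaked dataset. The last entry deliberately carries a
# cleartext PSK to exercise the "not ENC-protected" path.
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
        set password ENC AK1REDACTEDADMIN=
    next
    edit "monitor"
        set accprofile "prof_admin"
        set password ENC AK1REDACTEDMONITOR=
    next
end
config user local
    edit "vpnuser1"
        set type password
        set passwd ENC AK1REDACTEDVPN=
    next
    edit "ldapuser"
        set type ldap
        set ldap-server "corp-ldap"
    next
end
config user ldap
    edit "corp-ldap"
        set server "10.0.0.5"
        set password ENC AK1REDACTEDBIND=
    next
end
config vpn ipsec phase1-interface
    edit "to-branch"
        set interface "wan1"
        set psksecret hunter2
    next
end
"""

# Assumed list of "set" keys that carry a secret; extend per firmware version.
SECRET_KEYS = {"password", "passwd", "secret", "psksecret"}

_CONFIG = re.compile(r'^config\s+(.+?)\s*$')
_EDIT = re.compile(r'^edit\s+"?([^"]*)"?\s*$')
_SET = re.compile(r'^set\s+(\S+)\s+(.*?)\s*$')


class SecretRef(NamedTuple):
    section: str     # e.g. "system admin" (nested sections joined by spaces)
    entry: str       # e.g. "admin"
    key: str         # e.g. "password"
    encrypted: bool  # True when the value carries FortiGate's ENC marker


def find_secrets(config_text: str) -> List[SecretRef]:
    """Walk the config block structure and return every secret-bearing 'set'."""
    stack: List[str] = []   # open "config ..." sections, innermost last
    entry = ""
    found: List[SecretRef] = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _CONFIG.match(line)
        if m:
            stack.append(m.group(1))
            continue
        if line == "end":
            if stack:
                stack.pop()
            continue
        m = _EDIT.match(line)
        if m:
            entry = m.group(1)
            continue
        if line == "next":
            entry = ""
            continue
        m = _SET.match(line)
        if m and m.group(1) in SECRET_KEYS:
            found.append(SecretRef(" ".join(stack), entry, m.group(1),
                                   m.group(2).startswith("ENC ")))
    return found


def rotation_list(config_text: str) -> List[Tuple[str, str]]:
    """(section, entry) pairs whose secret must be rotated if the export leaked."""
    return sorted({(r.section, r.entry) for r in find_secrets(config_text)})


def cleartext_secrets(config_text: str) -> List[SecretRef]:
    """Entries whose secret is stored without the ENC marker, i.e. readable as-is."""
    return [r for r in find_secrets(config_text) if not r.encrypted]


if __name__ == "__main__":
    for section, entry in rotation_list(SAMPLE_CONFIG):
        print(f"rotate: {section} / {entry}")
    for ref in cleartext_secrets(SAMPLE_CONFIG):
        print(f"CLEARTEXT: {ref.section} / {ref.entry} ({ref.key})")
```

Run it against a real backup with `find_secrets(open("fgt.conf").read())`; the rotation list is the minimum set of credentials to change, and any hit from `cleartext_secrets` is usable by whoever holds the file without any cracking at all.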