CISA warns Fortinet users to secure devices after FortiBleed leak

https://www.bleepingcomputer.com/news/security/cisa-warns-fortinet-users-to-secure-devices-after-fortibleed-leak/

Publish Date: 2026-06-19 02:47:00

Source Domain: www.bleepingcomputer.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged Fortinet customers to secure their devices after nearly 74,000 firewall and VPN credentials were exposed in a data leak dubbed “FortiBleed.”

This warning comes after threat actors used compromised credentials to target internet-accessible Fortinet devices across government and private-sector organizations worldwide.

“CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices across government and private sector organizations using compromised credentials,” it said.

“This activity, referred to as FortiBleed, involves the exposure of leaked credentials associated with approximately 74,000 Fortinet devices, including firewalls and virtual private network (VPN) gateways.”

The agency called on affected FortiGate appliance owners to terminate all SSL VPN and administrative sessions, reset all VPN and administrative passwords, enable phishing-resistant multifactor authentication, and review logs for signs of unauthorized access or lateral movement.

CISA also advised Fortinet customers to store admin credentials using the modern Password-Based Key Derivation Function 2 (PBKDF2) hashing algorithm, to restrict public internet access to firewall management interfaces, and to remove any unauthorized accounts to reduce the attack surface as much as possible.
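One way to triage the log review CISA recommends, as an added example (not from the article, CISA, or Fortinet): it flags successful admin logins from outside a management network and SSL VPN tunnels from source IPs not previously seen for that user. The log lines are constructed, and the field names (`action`, `status`, `srcip`, `remip`), the allowlists and the function names are assumptions to adapt to your own log export.

```python
import ipaddress
import shlex

# Constructed sample lines in FortiGate-style key=value form (not real logs).
SAMPLE_LOGS = [
    'date=2026-06-18 time=09:01:12 type="event" subtype="system" logdesc="Admin login successful" user="admin" srcip=10.0.5.20 action="login" status="success"',
    'date=2026-06-18 time=23:44:51 type="event" subtype="system" logdesc="Admin login successful" user="admin" srcip=203.0.113.77 action="login" status="success"',
    'date=2026-06-18 time=08:15:40 type="event" subtype="vpn" logdesc="SSL VPN tunnel up" user="jdoe" remip=192.0.2.44 action="tunnel-up"',
    'date=2026-06-18 time=08:16:02 type="event" subtype="vpn" logdesc="SSL VPN login fail" user="jdoe" remip=198.51.100.9 action="ssl-login-fail"',
    'date=2026-06-18 time=23:50:03 type="event" subtype="vpn" logdesc="SSL VPN tunnel up" user="jdoe" remip=198.51.100.9 action="tunnel-up"',
]
# Assumed allowlists: the management subnet and each user's usual VPN source IPs.
ADMIN_NETS = [ipaddress.ip_network("10.0.5.0/24")]
KNOWN_VPN_SOURCES = {"jdoe": {"192.0.2.44"}}


def parse_line(line):
    """Split one key=value log line into a dict; quoted values may contain spaces."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def review(lines, admin_nets, known_vpn_sources):
    """Return (timestamp, reason, user, source) tuples for logins worth a closer look."""
    findings = []
    for line in lines:
        f = parse_line(line)
        user = f.get("user", "?")
        when = f"{f.get('date', '')} {f.get('time', '')}".strip()
        if f.get("action") == "login" and f.get("status") == "success":
            raw = f.get("srcip", "")
            try:
                src = ipaddress.ip_address(raw)
            except ValueError:
                # Missing or malformed source address: surface it rather than skip it.
                findings.append((when, "admin-login-unparsed-source", user, raw))
                continue
            if not any(src in net for net in admin_nets):
                findings.append((when, "admin-login-outside-mgmt-net", user, raw))
        elif f.get("action") == "tunnel-up":
            src = f.get("remip", "")
            if src not in known_vpn_sources.get(user, set()):
                findings.append((when, "vpn-login-new-source", user, src))
    return findings
```

A hit is a lead for the password reset and session termination steps above, not proof of compromise; a failed login alone is deliberately not flagged here.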

Credentials for over 73K firewalls exposed

The FortiBleed data leak was uncovered by security researcher Volodymyr “Bob” Diachenko, who discovered a server containing what appeared to be valid Fortinet VPN credentials, including usernames, email addresses, and plaintext passwords for 73,932 firewall URLs worldwide.

The exposed data also includes each organization’s industry, revenue, and employee count, which Diachenko said appeared to be compiled to assist in planning future attacks.

Threat intelligence company Hudson Rock, which also analyzed the dataset,…
