{"id":275479,"date":"2026-06-18T04:13:00","date_gmt":"2026-06-18T08:13:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/18\/fortibleed-exposes-admin-passwords-for-75000-fortinet-firewalls\/"},"modified":"2026-06-18T09:00:27","modified_gmt":"2026-06-18T13:00:27","slug":"fortibleed-exposes-admin-passwords-for-75000-fortinet-firewalls","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/18\/fortibleed-exposes-admin-passwords-for-75000-fortinet-firewalls\/","title":{"rendered":"FortiBleed Exposes Admin Passwords for 75,000 Fortinet Firewalls"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/193817\/hacking\/fortibleed-exposes-admin-passwords-for-75000-fortinet-firewalls.html\">FortiBleed Exposes Admin Passwords for 75,000 Fortinet Firewalls<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/193817\/hacking\/fortibleed-exposes-admin-passwords-for-75000-fortinet-firewalls.html\">https:\/\/securityaffairs.com\/193817\/hacking\/fortibleed-exposes-admin-passwords-for-75000-fortinet-firewalls.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-18 04:13:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>FortiBleed Exposes Admin Passwords for 75,000 Fortinet Firewalls<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> June 18, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2019\/11\/fortinet-logo.jpg?fit=730%2C480&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">FortiBleed: Admin Passwords for 75,000 Fortinet Firewalls Are Out in the Wild. Half the Internet-Facing Fortinets on the Planet.<\/h2>\n<p class=\"wp-block-paragraph\">Security researcher Bob Diachenko found a server sitting open on the internet containing what appeared to be valid Fortinet VPN credentials, including usernames, email addresses, and plaintext passwords for tens of thousands of organizations. He posted about it on LinkedIn. Kevin Beaumont, one of the most trusted independent voices in network security, then obtained the dataset, worked through it with Hudson Rock, and confirmed what nobody wanted to hear.<\/p>\n<p class=\"wp-block-paragraph\">\u201cMassive Fortinet\/FortiGate bruteforce\/active exploitation campaign uncovered in action. Thousands of top vendors instances are listed in the files like this (see screenshot). This one alone has 21,634 domain names \u2013 from Chevron to Fortinet itself. All \u2013 with potentially working passwords to the FortiGate appliances obtained through various menas.\u201d Bob Diachenko wrote on LinkedIn. <br \/>\u201cCrooks use sophisticated hashcracking approach to get then plaintext passwords from the Fortigate configs and use them consequently in the internal network movement and takeover.\u201d<\/p>\n<p class=\"wp-block-paragraph\">The popular cybersecurity expert Kevin Beaumont confirmed that the data is legit and is related to around 75k devices.<\/p>\n<p class=\"wp-block-paragraph\">\u201cThe data is legit. It is around 75k devices. Almost all are still online, and Fortinet devices. It appears to be recent data.\u201d reads the analysis published by Beaumont. \u201cThe data appears to have come from exports of config from the devices, as it includes things which are only visible from the device itself.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Beaumont verified credentials at multiple organizations in the dataset personally and found them working. The IP addresses in this collection are largely different from the 2025 Belsen Group leak, which covered&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/193817\/hacking\/fortibleed-exposes-admin-passwords-for-75000-fortinet-firewalls.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>FortiBleed Exposes Admin Passwords for 75,000 Fortinet Firewalls https:\/\/securityaffairs.com\/193817\/hacking\/fortibleed-exposes-admin-passwords-for-75000-fortinet-firewalls.html Publish Date: 2026-06-18 04:13:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":275481,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/06\/image-48.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,29],"class_list":["post-275479","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-network-security"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275479"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=275479"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275479\/revisions"}],"predecessor-version":[{"id":275484,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/275479\/revisions\/275484"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/275481"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=275479"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=275479"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=275479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}