Cyber Threat Intel

FortiBleed mass compromise: 73,000+ Fortinet devices hacked via weak passwords

Key Questions

What is the FortiBleed mass compromise?

It is a large-scale credential-based attack that has compromised over 73,000 Fortinet firewalls used by major companies and government agencies. Attackers exploited weak passwords rather than zero-day vulnerabilities, creating a self-feeding mechanism to harvest additional credentials.

Which organizations were affected by the Fortinet firewall breaches?

Affected entities include Accenture, Samsung, Oracle, Lenovo, FedEx, a NATO contractor, and various government agencies. The campaign targeted sensitive networks across multiple industries and regions.

How can organizations protect against this type of Fortinet attack?

Users should immediately strengthen password hygiene and enable multi-factor authentication (MFA) on all Fortinet devices. The incident highlights the risks of weak credentials, as no zero-day exploits were involved.
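To check MFA coverage as recommended above, the following added example (not part of the original page and not Fortinet code) scans a FortiGate configuration backup for enabled accounts that have no two-factor method. It assumes the FortiOS backup syntax, where accounts live under `config system admin` and `config user local` and MFA is set with `set two-factor`; the function name and the sample configuration are constructed for illustration, and a missing `two-factor` line is treated as disabled.

```python
# Constructed sample in FortiOS backup syntax; not taken from a real device.
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
        config gui-dashboard
            edit 1
            next
        end
    next
    edit "netops"
        set two-factor fortitoken
    next
end
config user local
    edit "vpn-alice"
        set two-factor email
    next
    edit "vpn-bob"
        set two-factor disable
    next
    edit "old-contractor"
        set status disable
    next
end
"""

AUDITED_SECTIONS = ("system admin", "user local")  # assumed account tables
def accounts_without_mfa(config_text):
    """Return (section, account) pairs that are enabled but have no two-factor method."""
    findings, depth, section, name, settings = [], 0, None, None, {}
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                section = line[len("config "):]
        elif line == "end":
            depth -= 1
        elif depth != 1 or section not in AUDITED_SECTIONS:
            continue  # skip other sections and nested sub-tables
        elif line.startswith("edit "):
            name, settings = line[5:].strip('"'), {}
        elif line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            settings[key] = value.strip()
        elif line == "next":
            mfa_off = settings.get("two-factor", "disable") == "disable"
            if mfa_off and settings.get("status") != "disable":
                findings.append((section, name))
    return findings
```

On the constructed sample this reports the `admin` administrator and the `vpn-bob` VPN user; the disabled `old-contractor` account is skipped because it cannot log in.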

This is a massive credential-based campaign compromising Fortinet firewalls used by major companies and governments. The attackers are exploiting weak passwords, not zero-days, and rely on a self-feeding credential harvesting mechanism. Affected organizations include Accenture, Samsung, and government agencies. New details: 74k devices were compromised, and the attackers used a GPU cluster to crack VPN hashes, then moved laterally to AD. Half of all internet-facing FortiGates have been compromised. Urgent password hygiene and MFA are required.

Updated Jun 18, 2026