500,000 Fortinet account credentials linked to SSL-VPN devices have been leaked online in another blow to the company. The leaked data, which was found on several sites (including for free on the Russian forum Groove and the hacking forum Ramp), has been linked to a previous vulnerability that was exposed in May 2019.
According to a statement from Fortinet, 87,000 credentials were taken from systems that were originally unpatched against FG-IR-18-384 / CVE-2018-13379 and have since been patched. However, if users have not changed their passwords, it is highly likely that their accounts are still compromised.
Now, it seems that many more account credentials have been scraped than originally thought. A report from BleepingComputer suggests that approximately 500,000 users have been affected, with logins stolen from almost 13,000 SSL-VPN devices.
What is Fortinet?
Fortinet is a company that provides cybersecurity solutions to corporations around the world. The software it provides includes firewalls, intrusion detection and prevention, and VPN services.
Given that many organizations around the world use Fortinet solutions, including its SSL-VPN devices, this latest breach directly affects their security.
How did the Fortinet breach happen?
As highlighted in the Fortinet statement, this new breach is linked to a previous security risk that was revealed in 2019. This vulnerability allowed cybercriminals to gain access to system files that contain usernames and passwords.
How has Fortinet responded to the leak?
Fortinet initially responded to the vulnerability in 2019 by resolving it and encouraging users to upgrade their SSL-VPN devices to ensure that they are running on the most recent releases.
In light of this recent leak, Fortinet has urged all users whose devices were running the affected older versions (including FortiOS 6.0.0-6.0.4, 5.6.3-5.6.7, and 5.4.6-5.4.12) to disable their VPNs and immediately upgrade their software.
In addition, it is recommended that organizations reset all login credentials and set up two-factor authentication for logins to help prevent breaches in the future.
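As an added example (not code from Fortinet or from the original article), the following Python sketch turns the steps above into a triage check over a device inventory. It flags devices still on a listed version, accounts whose passwords have not changed since the upgrade, and missing two-factor authentication. The inventory field names and the sample records are assumptions made for illustration; the version ranges are the ones listed in the article.

```python
from datetime import date

# Affected FortiOS ranges exactly as listed in the article (inclusive bounds).
AFFECTED = [((6, 0, 0), (6, 0, 4)), ((5, 6, 3), (5, 6, 7)), ((5, 4, 6), (5, 4, 12))]

def parse_version(text):
    """'6.0.4' or 'v6.0.4' -> (6, 0, 4). Tuples compare numerically, so
    5.4.12 sorts above 5.4.6 (a plain string comparison gets this wrong)."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(version):
    return any(lo <= parse_version(version) <= hi for lo, hi in AFFECTED)

def triage(device):
    """Return the outstanding actions for one inventory record (hypothetical schema)."""
    actions = []
    if is_affected(device["current_version"]):
        actions.append("disable SSL-VPN and upgrade")
    history = [device["current_version"], *device["previous_versions"]]
    if any(is_affected(v) for v in history):
        upgraded = device["upgraded_on"]  # None while still on an affected release
        for user, changed in sorted(device["password_changed"].items()):
            # A password not changed since the upgrade could have been read
            # while the device was exposed, so patching alone does not clear it.
            if upgraded is None or changed is None or changed < upgraded:
                actions.append(f"reset password: {user}")
        if not device["two_factor"]:
            actions.append("enable two-factor authentication")
    return actions

# Constructed sample inventory, not real devices or accounts.
INVENTORY = [
    {"name": "vpn-a", "current_version": "5.4.12", "previous_versions": [],
     "upgraded_on": None, "two_factor": False,
     "password_changed": {"alice": date(2021, 1, 10)}},
    {"name": "vpn-b", "current_version": "6.0.5", "previous_versions": ["6.0.2"],
     "upgraded_on": date(2019, 6, 1), "two_factor": True,
     "password_changed": {"bob": date(2019, 3, 2), "carol": date(2020, 2, 2)}},
    {"name": "vpn-c", "current_version": "5.4.13", "previous_versions": ["5.4.5"],
     "upgraded_on": date(2019, 6, 1), "two_factor": False,
     "password_changed": {"dave": date(2018, 1, 1)}},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        print(dev["name"], triage(dev) or "no action from this check")
```

An empty result only means the device never ran a version in the ranges listed here; it says nothing about other advisories.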