Hacking group publishes passwords of Fortinet customers online

Hacking group publishes passwords of Fortinet customers online

Hacker group publishes passwords of Fortinet customers online

Back in spring, data was captured

At that time, the vulnerability CVE-2018-13379 in FortiGate VPN servers was exploited in Cring ransomware attacks. The VPN credentials could allow threat actors to access a network to perform data exfiltration, install malware and conduct ransomware attacks. Kaspersky had reported here about this.

‍Fortinet users should reset passwords

FortiOS versions 6.0.0 to 6.0.4, 5.6.3 to 5.6.7, and 5.4.6 to 5.4.12. According to BleepingComputer, the analysis of the data shows that it contains VPN credentials for 498,908 users on 12,856 devices. ‍

The vulnerability is said to have been patched in the meantime. At this point, we recommend resetting the passwords immediately to be on the safe side!

A vulnerability is a security hole that can be turned into a threat by intruders!

Anonymous