FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.

A massive data leak has exposed sensitive credentials for over 73,000 devices worldwide, highlighting the need for stronger cybersecurity measures in today’s digital landscape.

The discovery, dubbed “FortiBleed,” was first made by security researcher Bob Diachenko, who stumbled upon a server containing what appeared to be valid Fortinet VPN credentials. These included usernames, email addresses, and plaintext passwords – which would normally be a recipe for disaster if exposed online.

However, what makes this leak even more astonishing is the sheer scale of affected organizations. Diachenko claims that many top vendors, including notable names like Chevron, Samsung, and Mercedes-Benz, were listed in the files. These companies likely have robust cybersecurity protocols in place, making it all the more surprising that their credentials ended up in this exposed dataset.

A closer examination of the data revealed that the operation was conducted by a Russian-speaking multi-operator threat group. They allegedly harvested credentials for FortiGate SSL VPN devices and attempted to crack approximately 1.16 billion login combinations against 320,777 targets. The attackers also intercepted SSL VPN authentication hashes and used them to access internal networks.
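Large-scale credential cracking of the kind described above leaves a characteristic trace in a VPN gateway's authentication log: one source address producing failed logins for many different accounts, sometimes followed by a success once a harvested credential works. The following detection script is an added example written for this article; it is not code from Bleeping Computer, Hudson Rock, Diachenko or Fortinet. It parses key=value style event lines, which is a constructed approximation of a firewall log format, and the field names `action`, `remip` and `user`, the action values `ssl-login-fail` and `tunnel-up`, and the sample lines themselves are assumptions for illustration.

```python
"""Flag VPN source addresses that look like password spraying / credential stuffing.

Added example for this article: key=value log format, field names and
sample lines are constructed assumptions, not a real capture.
"""
import re
from collections import defaultdict

# Constructed sample log lines (not real data). One address cycles through
# five accounts and then gets in; the other is a user mistyping a password.
SAMPLE_LOGS = """\
date=2025-01-10 time=08:00:01 type="event" subtype="vpn" action="ssl-login-fail" user="alice" remip=198.51.100.7
date=2025-01-10 time=08:00:02 type="event" subtype="vpn" action="ssl-login-fail" user="bob" remip=198.51.100.7
date=2025-01-10 time=08:00:03 type="event" subtype="vpn" action="ssl-login-fail" user="carol" remip=198.51.100.7
date=2025-01-10 time=08:00:04 type="event" subtype="vpn" action="ssl-login-fail" user="dave" remip=198.51.100.7
date=2025-01-10 time=08:00:05 type="event" subtype="vpn" action="ssl-login-fail" user="erin" remip=198.51.100.7
date=2025-01-10 time=08:00:06 type="event" subtype="vpn" action="tunnel-up" user="erin" remip=198.51.100.7
date=2025-01-10 time=08:05:00 type="event" subtype="vpn" action="ssl-login-fail" user="alice" remip=203.0.113.5
date=2025-01-10 time=08:05:09 type="event" subtype="vpn" action="ssl-login-fail" user="alice" remip=203.0.113.5
date=2025-01-10 time=08:05:20 type="event" subtype="vpn" action="tunnel-up" user="alice" remip=203.0.113.5
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    fields = {}
    for m in KV_RE.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def find_spray_sources(log_text, min_failures=5, min_users=3):
    """Return {ip: stats} for addresses whose failed logins span many accounts.

    A source is flagged when it has at least `min_failures` failed logins
    across at least `min_users` distinct usernames. `login_succeeded` records
    whether a tunnel came up from that source after any failure, which is the
    high-priority case: a credential from a dump that actually worked.
    """
    failures = defaultdict(int)
    users = defaultdict(set)
    succeeded_after_fail = defaultdict(bool)

    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("subtype") != "vpn":
            continue
        ip = f.get("remip")
        if not ip:
            continue
        action = f.get("action")
        if action == "ssl-login-fail":
            failures[ip] += 1
            users[ip].add(f.get("user", ""))
        elif action == "tunnel-up" and failures[ip] > 0:
            succeeded_after_fail[ip] = True

    flagged = {}
    for ip, count in failures.items():
        if count >= min_failures and len(users[ip]) >= min_users:
            flagged[ip] = {
                "failed_attempts": count,
                "distinct_users": len(users[ip]),
                "login_succeeded": succeeded_after_fail[ip],
            }
    return flagged


if __name__ == "__main__":
    for ip, stats in find_spray_sources(SAMPLE_LOGS).items():
        print(ip, stats)
```

The thresholds are deliberately parameters: a legitimate user retrying one account several times is noise, while a single address touching many accounts is the signal, and a success from such an address should be escalated and the affected account's credential rotated regardless of how strong its password was.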

It’s worth noting that the leaked data contains comments listing each organization’s industry, revenue, and number of employees – likely for planning attacks. This adds a disturbing layer to the situation, indicating that these threat actors were not only after login credentials but also sought out valuable information about their potential targets.

According to Diachenko’s investigation, the attackers managed to compromise multiple organizations across various countries, including Japan, Taiwan, Vietnam, Iraq, and Turkey. In fact, a Turkish NATO defense contractor had its classified documents allegedly stolen during one of these breaches.

A threat intelligence company called Hudson Rock has since published an analysis of the exposed data after receiving it from Diachenko. They described it as one of the largest known troves of compromised Fortinet-related credentials, with 73,932 unique firewall URLs spanning 194 countries and impacting over 21,000 domains.

Perhaps one of the most surprising aspects of this leak is that many of the exposed credentials were long, complex passwords, which are often considered difficult to crack. These strong passwords appear to have been extracted directly from Fortinet configurations, which also contained sensitive information, such as email addresses, that is typically accessible only through admin settings.

Cybersecurity researcher Kevin Beaumont independently reviewed portions of the data and confirmed its authenticity, stating that it “looks like a real dump.” His analysis revealed that the dataset contains credentials for roughly 75,000 Fortinet devices, most of which remain online.

The implications of this leak are far-reaching. The fact that threat actors managed to obtain such a vast collection of valid login credentials is a stark reminder of how vulnerable we are in today’s digital world. And with the added context that some of these organizations had robust cybersecurity measures in place, it’s clear that no one is completely safe from cyber threats.

It’s essential for businesses and individuals alike to prioritize their digital security. This can be achieved by implementing multi-factor authentication, regularly updating software and hardware, and maintaining strong passwords. The FortiBleed leak serves as a stark reminder of the reality we face in cyberspace – and highlights the need for continuous vigilance against emerging threats.

Why it matters:

The sheer scale and scope of the FortiBleed data leak cannot be overstated. Not only does it reveal the alarming ease with which threat actors can obtain sensitive login credentials, but also the extent to which our digital lives are exposed to potential attacks. The vulnerability of major organizations, including seemingly secure ones, underscores the ever-present risk that we face as users and businesses in today’s interconnected world.

Source: Bleeping Computer