Fortinet FortiGate Devices Targeted: Config Files and VPN Passwords Leaked
Shared on a popular cybercrime forum, the data includes configuration files, VPN passwords, and categorized IP addresses, organised by country. The group claims this is their first major operation and has made the data freely accessible.
Analysis by Heise Security suggests the leaked devices run older FortiOS versions, predating version 7.2.2, released in October 2022. Most affected devices appear to have been compromised in late 2022. Devices in Mexico (1,603), the USA (679), and Germany (208) dominate the leak, with notable IPs linked to major internet service providers.
The method of compromise remains uncertain, though evidence points to individual firewall exploitation. Fortinet has not yet issued a statement on the breach, leaving impacted users and organisations in urgent need of securing their systems.