ADVERTISEMENT

Hackers build database of 30,000 working Fortinet logins, researchers warn

Hackers have built an illicit database containing more than 30,000 verified Fortinet logins from companies across 194 countries, new research finds – all part of a massive credential-harvesting operation targeting Fortinet firewalls and VPN gateways.

Fortinet Firewall

Image by Cybernews

Stefanie Schappert
Stefanie Schappert Senior Journalist
Jun 17, 2026 Updated: 22 June 2026 3 min read

Listen to this article

0:00
0:00
Key takeaways:
SOCRadar warns attackers are testing verified Fortinet credentials and urges organizations to rotate passwords.

30,000 verified Fortinet logins exposed

Jurgita Lapienyte justinasv Izabele Pukenaite vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.
FortiBleed targeted countries
India, the US, and Mexico lead the list of countries affected by the FortiBleed campaign. Image by SOCRadar

Telecoms and governments targeted

Russian hackers multiple
Researchers say the campaign's tooling and victim selection point to likely Russian-speaking threat actors. Image by BeeBright | Shutterstock
FortiBleed sectors
Telecom operators make up the largest share of affected organizations, according to SOCRadar. Image by SOCRadar
ADVERTISEMENT
FortiBleed port listening
Compromised Fortinet devices were found listening on multiple management and VPN-related ports. Image by SOCRadar

Database built from previous Fortinet attacks

passwords
Researchers say old exposed Fortinet passwords may still be giving attackers access – even after patches. Image by Cybernews

Researchers urge immediate password resets

Strong password generator

Upgrade the security of your online accounts.
Create strong passwords that are completely random and impossible to guess.
Generated unique password
Ad link_title
Convenient way to secure and use all your passwords. Now 72% OFF!

ADVERTISEMENT