# Massive Fortinet VPN Credential Exposure Threatens Global Enterprises

*Published June 19, 2026*
*Source: [https://www.news4hackers.com/fortibleed-vulnerability-exposes-73000-fortinet-vpn-devices-security-breach-alert/](https://www.news4hackers.com/fortibleed-vulnerability-exposes-73000-fortinet-vpn-devices-security-breach-alert/)*

## Executive Summary

The FortiBleed breach has exposed Fortinet VPN credentials for nearly 74,000 devices globally, affecting numerous high-profile organizations. The breach, attributed to a coordinated brute-force attack by a Russian-speaking group, underscores the urgent need for impacted entities to enhance their security measures.

## Article

A significant security breach known as 'FortiBleed' has exposed the credentials of Fortinet VPN systems across 73,932 devices worldwide. Security researcher Bob Diachenko discovered a database containing sensitive Fortinet and FortiGate VPN credentials, including usernames, IP addresses, and plaintext passwords. This breach affects a wide range of organizations, including major companies like Chevron, Samsung, and AT&T. The data also includes metadata about the affected organizations, potentially assisting attackers in targeting specific industries.

The breach is linked to a Russian-speaking threat group that executed an extensive brute-force campaign. They attempted approximately 1.16 billion credential attacks on FortiGate SSL VPN devices and 2.1 billion on Microsoft SQL Server systems. By intercepting and cracking SSL VPN authentication hashes using a powerful GPU cluster, the attackers obtained access to internal Active Directory environments.

The exposed credentials were found to originate from exported Fortinet configurations, providing attackers with detailed technical information. This breach has impacted companies in regions such as Japan, Taiwan, and Turkey, including a Turkish NATO defense contractor. Hudson Rock, a cybersecurity firm, confirmed the breach's scale and released a tool to help organizations assess their exposure.

Security experts recommend immediate protective measures, emphasizing the importance of rotating VPN passwords, implementing multi-factor authentication, and monitoring network activity for signs of compromise. Though Fortinet has yet to issue an official response, organizations are urged to act swiftly to prevent further exploitation of the exposed credentials.