Dark web leak exposes critical data from 15K Fortinet devices

January 21, 2025

The configuration data and virtual private network (VPN) credentials of 15,474 Fortinet devices have been leaked on the dark web, exposing critical information from organisations worldwide.

Despite the data being over two years old, security experts caution that it could still pose risks to organisations that have not implemented adequate security measures.

The leaked files, totalling 1.6GB, were posted for free by a cybercriminal group known as the Belsen Group. The data is meticulously organised by country, IP address, and firewall port number, making it easily accessible to malicious actors.

Key regions affected include Belgium, Poland, the US, and the UK, each reporting over 20 compromised devices. Interestingly, the data did not include Fortinet devices in Iran, despite nearly 2,000 of them being reachable via the internet, according to Shodan.

Among the leaked details are IP addresses, usernames, passwords, device management certificates, and firewall configurations, along with SSL-VPN credentials. Security researchers noted that this data, stolen in 2022, was likely obtained through a severe authentication bypass vulnerability (CVE-2022-40684) that affected FortiOS, FortiProxy, and FortiSwitchManager.

The Belsen Group's leak highlights the ongoing risk of outdated security practices. Although the information is more than two years old, the firewall configurations still reveal the internal network structure of affected organisations, and old usernames and passwords often remain in use, further increasing exposure.
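The practical follow-up to the paragraph above is a triage pass: find out whether any of your own public addresses appear in the dump, and if so, which accounts in the leaked configuration need their credentials rotated. The script below is an added example written for this article, not tooling from Fortinet, the article's author, or the leak itself. It assumes the dump is laid out as `<country>/<ip>_<port>/config.conf` (inferred only from the article's statement that the data is organised by country, IP address and port; the real layout may differ) and that each config file is in FortiGate CLI format. The sample paths and the config excerpt are constructed, use RFC 5737 test addresses and placeholder secrets, and the `config_loader` callback stands in for reading the file from disk.

```python
"""Triage helper for a leaked firewall-configuration dump.

Added example for this article; not Fortinet's or the article's own tooling.
Assumptions: dump layout is <country>/<ip>_<port>/config.conf (inferred from
the article's description, not verified), and configs use FortiGate CLI syntax.
"""
import ipaddress
import re
from typing import Callable, Dict, List, Tuple

# Constructed sample directory listing (RFC 5737 test addresses, not leak data).
SAMPLE_DUMP_PATHS = [
    "BE/203.0.113.10_443/config.conf",
    "PL/198.51.100.7_10443/config.conf",
    "US/192.0.2.25_443/config.conf",
    "GB/203.0.113.200_8443/config.conf",
]

# Constructed FortiGate-style config excerpt with placeholder secrets.
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set accprofile "super_admin"
        set password ENC PLACEHOLDER
    next
    edit "netops"
        set accprofile "prof_admin"
        set password ENC PLACEHOLDER
    next
end
config user local
    edit "vpn.jsmith"
        set type password
        set passwd ENC PLACEHOLDER
    next
    edit "vpn.contractor"
        set type password
        set passwd ENC PLACEHOLDER
    next
end
"""

# Assumed layout: two-letter country / dotted-quad IP _ port / filename
PATH_RE = re.compile(
    r"^(?P<country>[A-Z]{2})/(?P<ip>\d{1,3}(?:\.\d{1,3}){3})_(?P<port>\d+)/"
)


def parse_dump_paths(paths: List[str]) -> List[Tuple[str, str, int]]:
    """Return (country, ip, port) for each path matching the assumed layout."""
    entries = []
    for path in paths:
        m = PATH_RE.match(path)
        if m:
            entries.append((m["country"], m["ip"], int(m["port"])))
    return entries


def exposed_devices(entries, owned_cidrs):
    """Keep only dump entries whose IP falls inside one of our own CIDRs."""
    nets = [ipaddress.ip_network(c, strict=False) for c in owned_cidrs]
    return [e for e in entries if any(ipaddress.ip_address(e[1]) in n for n in nets)]


def accounts_in_config(config_text: str) -> Dict[str, List[str]]:
    """Map top-level config section -> account names that store a secret.

    The stack tracks 'config ... end' nesting so that only entries directly
    under a top-level section (e.g. 'system admin', 'user local') are recorded.
    """
    found: Dict[str, List[str]] = {}
    stack: List[str] = []
    entry = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end" and stack:
            stack.pop()
        elif len(stack) != 1:
            continue  # inside a nested block or outside any section
        elif line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
        elif line == "next":
            entry = None
        elif entry and (line.startswith("set password ") or line.startswith("set passwd ")):
            found.setdefault(stack[0], []).append(entry)
    return found


def rotation_report(paths, owned_cidrs, config_loader: Callable[[str], str]):
    """For each of our devices found in the dump, list accounts to rotate."""
    report = {}
    for country, ip, port in exposed_devices(parse_dump_paths(paths), owned_cidrs):
        accounts = accounts_in_config(config_loader(f"{country}/{ip}_{port}/config.conf"))
        report[f"{ip}:{port}"] = sorted(a for names in accounts.values() for a in names)
    return report


if __name__ == "__main__":
    # The loader returns the constructed config for every path in this example.
    for device, accounts in rotation_report(
        SAMPLE_DUMP_PATHS, ["203.0.113.0/24"], lambda _p: SAMPLE_CONFIG
    ).items():
        print(device, "rotate:", ", ".join(accounts))
```

Against the constructed input, two devices in the assumed 203.0.113.0/24 range are flagged, each with two admin accounts and two local VPN users to rotate. The stored `ENC` values are deliberately ignored: the point of the pass is to produce a rotation list, not to recover secrets, and a FortiGate config can carry credentials in several other sections (LDAP bind passwords, IPsec pre-shared keys, SNMP communities), so a real run should extend the `set password`/`set passwd` check accordingly.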

Another critical vulnerability, CVE-2018-13379, was exploited to gather SSL-VPN credentials, which demonstrates how long-standing issues can be leveraged for attacks if they are not addressed promptly.

Fortinet assured users that routine security practices minimise risks from the leaked data.

Fortinet has sought to reassure its users, emphasising that organisations adhering to routine security best practices, such as regularly refreshing credentials and applying patches, face minimal risk. In a statement, the company noted that the impact of the leaked data would be negligible for organisations that have taken appropriate action since the vulnerabilities were first disclosed.

This data breach highlights the global nature of cybersecurity threats. While most countries where Fortinet operates were included in the leaked data, Russia and Iran were notable exceptions. Only one device in Crimea, a region annexed by Russia, appeared in the data.

Security experts urge organisations to prioritise security hygiene to mitigate risks from both past and future vulnerabilities. Regular updates, credential cycling, and vigilant monitoring remain the most effective defences against such threats.
