Massive Fortinet Breach Exposes 74,000 Devices Worldwide
Original: Massive breach spills credentials for thousands of sensitive networks
Why This Matters
Demonstrates a critical vulnerability in widely deployed enterprise firewall infrastructure affecting Fortune 500 companies and government contractors globally, requiring immediate investigation industry-wide.
A major breach of Fortinet firewalls has compromised nearly 74,000 devices across 21,000+ IP addresses in 194 countries, exposing plaintext credentials for organizations including Oracle, Chevron, Lenovo, FedEx, and NATO contractors. Russian-speaking attackers gained near-unrestricted access using custom credential-spraying tools and GPU clusters to crack authentication hashes.
Security researchers uncovered a massive compromise of Fortinet FortiGate firewalls affecting some of the world's largest organizations. Researcher Bob Diachenko discovered approximately 74,000 compromised devices from over 21,000 IP addresses spanning 194 countries, with plaintext credentials and organizational details (industry, revenue, employee count) exposed online. Kevin Beaumont confirmed that most devices remained accessible as of the investigation date, with verified real and current credentials.

The attackers employed a systematic approach: mass-scanning for FortiGate remote login endpoints, then deploying a custom binary with 25,000 threads to spray hundreds of thousands of endpoints with credential combinations. Each successful compromise gave the attackers a "network tap" into the target organization. Hudson Rock researchers documented that the threat actors actively intercepted SSL VPN authentication hashes and cracked them using a 45-GPU cluster managed via Hashtopolis, enabling lateral movement that compromised Active Directory and other centralized authentication systems.

The scale represents roughly half of all Internet-facing Fortinet firewalls globally. Researchers confirmed full network compromises at multiple organizations across Japan, Taiwan, and Vietnam. The threat actor, identified as criminally motivated with Russian-speaking origins, built a verified database of working credentials for major enterprises. Affected sectors span nearly all industries globally.
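The spraying described above is noisy in firewall logs: one source IP fails against many distinct accounts in a short window, which a single locked-out user never does. The following detector is an added example, not code from the article or from Fortinet; the sample log lines are constructed, and the key=value layout (`action="ssl-login-fail"`, `user=`, `remip=`) is an assumed approximation of FortiGate SSL VPN event logs.

```python
"""Credential-spray detector for FortiGate-style SSL VPN login logs.
Added example (not from the article or Fortinet): log lines are constructed
and the key=value layout (action="ssl-login-fail", user=, remip=) is an
assumed approximation of FortiGate event logs. Heuristic: one source IP
failing against many accounts in a short window is spraying; one user
failing a few times is not."""
import re
from collections import defaultdict
from datetime import datetime

KV_RE = re.compile(r'(\w+)="([^"]*)"|(\w+)=(\S+)')  # quoted or bare values

def parse_fortigate_line(line):
    """Parse one key=value log line into a dict (quotes stripped)."""
    rec = {}
    for m in KV_RE.finditer(line):
        key = m.group(1) or m.group(3)
        rec[key] = m.group(2) if m.group(1) else m.group(4)
    return rec

def detect_spray(lines, min_users=5, min_failures=10, window_seconds=600):
    """Map source IP -> (distinct users, failures) for any IP whose failed
    SSL VPN logins span >= min_users accounts and >= min_failures attempts
    inside some window_seconds-long span."""
    events = defaultdict(list)  # remip -> [(timestamp, user)]
    for line in lines:
        rec = parse_fortigate_line(line)
        if rec.get("action") != "ssl-login-fail":
            continue
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        events[rec["remip"]].append((ts, rec["user"]))
    alerts = {}
    for ip, evs in events.items():
        evs.sort()
        lo = 0
        for hi in range(len(evs)):  # sliding window over sorted failures
            while (evs[hi][0] - evs[lo][0]).total_seconds() > window_seconds:
                lo += 1
            users = {u for _, u in evs[lo:hi + 1]}
            if len(users) >= min_users and hi - lo + 1 >= min_failures:
                alerts[ip] = max(alerts.get(ip, (0, 0)), (len(users), hi - lo + 1))
    return alerts

# Constructed sample: one IP spraying six accounts, one user fumbling a password.
SAMPLE_LOGS = [
    f'date=2025-01-15 time=03:14:{i:02d} type="event" subtype="vpn" action="ssl-login-fail" '
    f'user="svc{i % 6}" remip="203.0.113.9" reason="sslvpn_login_unknown_user"' for i in range(12)
] + [
    f'date=2025-01-15 time=09:00:{i:02d} type="event" subtype="vpn" action="ssl-login-fail" '
    f'user="alice" remip="198.51.100.7" reason="sslvpn_login_permission_denied"' for i in range(3)
]
```

Running `detect_spray(SAMPLE_LOGS)` flags only the spraying source, `{'203.0.113.9': (6, 12)}`; the thresholds should be tuned to the real login volume of the VPN concentrator before alerting on them.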