Hackers leaked 500,000 Fortinet VPN users’ passwords on Dark Web

Attention, Fortinet users! Your credentials might have been leaked on the dark web!

A notorious group of hackers allegedly extracted and released a huge number of users’ credentials of a popular VPN service owned by cybersecurity firm Fortinet.

The hacker gang, known as “Orange,” seemed to have leaked over 500,000 users’ credentials on the dark web on Tuesday, reported by Bleeping Computer.

Now, in a typical ransomware attack, hackers usually prefer to sell this information for a good amount of money. But apparently, money doesn’t seem to appeal to this hacker group, as they have dumped the entire trove of sensitive credentials on the dark web for absolutely free – ulterior motives, probably?

Hackers seemed to have extracted users’ sensitive data by exploiting a previously found glitch in the product. In April, federal agencies notified Fortinet about the numerous security glitches in its VPN service that could be susceptible to hacking attacks. In an attempt to fix these vulnerabilities, the company did release some patches but apparently, they weren’t good enough to prevent users from having their account details compromised.

Fortinet VPN credentials hacked

Of course, this could be catastrophic because hackers can now have full access to users’ networks. They can do anything like install malware, extract sensitive data, perform ransomware attacks or worse.

According to the security research firm Advanced Intel, Orange is suspected to be linked with a ransomware group known as “Groove.” This group is notorious for having worked for Babuk, a well-known ransomware gang who attempted to extort the Metropolitan police department of Washington, D.C, for millions of dollars.

Some believe that the leak might have something to do with a new cybercrime forum called RAMP launched by Groove. Researchers suspect that the attack has been carried to draw attention to the group’s newly-launched business venture. Well, that’s one hell of a marketing strategy!

Virtual Private Network is a privacy tool designed to protect users’ sensitive data and online activity. However, it can become a privacy nightmare if somebody hacks into these accounts. For example, compromised Fortinet VPN accounts might allow hackers to infiltrate networks, install malware or spyware, steal data, or worse. This is why it is recommended to use only Premium VPN services that offer strong security.

Unfortunately, many of the compromised credentials are still valid and operational, as claimed by the hackers. According to the Bleeping computer analysis, these credentials belong to 498,908 users over 13,856 devices. These users are from 74 different countries, mostly from India with Italy, France, and Israel also having a significant share of users whose data have been compromised. We have not yet received any official statement from the company regarding the leak.

Fortinet VPN compromised users

What should Fortinet VPN owners do?

Since we cannot legally verify the list of compromised credentials, it’s better to assume that all the listed credentials are legitimate; hence, precautions are needed. If you own a Fortinet VPN account, consider yourself among those whose credentials have been compromised in the leak. To be safe, immediately perform a forced reset of all user passwords and check your logs for any suspected intrusions. It’s better to switch to a reliable VPN service such as ExpressVPN that is safer and dependable for online security and privacy. Check out the detail review of ExpressVPN here.