Cybercriminal Gang Just Leaked 500,000 Fortinet VPN Users' Passwords
A hacker gang has allegedly collected and dumped a large trove of approximately 500,000 login credentials belonging to users of a popular VPN product from cybersecurity firm Fortinet.
The threat actor, who goes by the moniker of “Orange,” apparently leaked the trove of usernames and passwords on a dark web forum on Tuesday, Bleeping Computer has reported. While cybercriminals will often try to sell such data or use it for their own nefarious purposes, Orange apparently posted the large haul of information for free.
The accounts are believed to have been compromised via a previously discovered vulnerability in the product. In April, federal agencies warned of multiple security flaws in Fortinet’s VPN that could allow hackers access. The company has since been issued patches for those security flaws—though that apparently did not stop droves of users from having their account information compromised.