FortiBleed Leak Exposes VPN Credentials for 73,932 Fortinet Firewalls Across 194 Countries

A dataset dubbed 'FortiBleed' has surfaced in criminal communities, exposing VPN admin credentials and configuration data for 73,932 internet-facing Fortinet FortiGate firewall URLs across 194 countries — impacting roughly 21,632 unique domains including named organizations such as Chevron, Samsung, Foxconn, AT&T, and Toyota. A Russian-speaking threat group is believed to have conducted over 1.16 billion credential-stuffing attempts against FortiGate targets, using a 45-GPU Hashtopolis cluster to crack intercepted SSL VPN authentication hashes; researcher Kevin Beaumont confirmed the credentials as real. Hudson Rock has published a free lookup tool for affected organizations, and Fortinet has not yet commented.