LACNIC exposes leak of thousands of Fortinet device credentials is profiled by BTW Media because published evidence links it to internet infrastructure, governance, operational dependencies, or market visibility.
LACNIC exposes leak of thousands of Fortinet device credentials is tracked as an internet infrastructure institution within the internet infrastructure ecosystem.
LACNIC exposes leak of thousands of Fortinet device credentials has public-source relevance to network operations, governance, dependency mapping, or market structure.
Public-source signals support medium-impact monitoring for infrastructure visibility and dependency analysis.
| 0.90–1.00 | A | High — direct sources |
| 0.75–0.89 | A/B | Strong |
| 0.55–0.74 | B/C | Medium |
| 0.35–0.54 | C/D | Weak–medium |
| 0.10–0.34 | D | Weak signal |
| 0.00–0.09 | D | Internal monitoring |
Several public sources
- A data breach has exposed the credentials and config files of over 15,000 FortiGate devices, with some passwords stored in plain text.
- This incident is linked to a zero-day vulnerability exploited by hackers, raising significant concerns about cybersecurity across affected networks.
What happened: Fortinet credentials leaked in massive breach
A significant data breach has emerged as a group of criminals leaked the configuration files, IP addresses, and VPN access credentials of over 15,000 FortiGate devices on the dark web. Each folder contained a FortiGate config dump file alongside a vpn-passwords.txt file. Alarmingly, some passwords were stored in plain text, likely due to poor complexity or system configuration.
This breach is linked to a zero-day vulnerability (CVE-2022-40684) that hackers exploited to download configurations from compromised FortiGate devices. They created an administrator account named ‘fortigate-tech-support’ to facilitate their access.
Although the data was collected in 2022, it reveals critical information about network defences, including firewall rules and sensitive credentials. LACNIC CSIRT has analysed the associated IP addresses and identified the countries affected within the LACNIC region, highlighting the extensive reach of this security incident.
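The administrator account named above is something an operator can check for in a device's own configuration backup. The following is an added example, not code from LACNIC, Fortinet or the article: it audits the administrator list in a backup against an approved set. The function name, the approved set, the sample backup and the assumed `config system admin` / `edit` / `next` / `end` layout are assumptions made for this illustration.

```python
# Administrator name the article reports the attackers created.
REPORTED_ROGUE_ADMIN = "fortigate-tech-support"

def audit_admins(config_text, approved):
    """Return (name, accprofile, verdict) for each admin that needs review."""
    # Assumed layout: top-level 'config system admin', one 'edit' stanza per admin.
    findings, depth, in_admin, current = [], 0, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                in_admin = line == "config system admin"
        elif line == "end":
            depth -= 1
            in_admin = in_admin and depth > 0
        elif not (in_admin and depth == 1):
            continue  # skip other sections and sub-tables nested in a stanza
        elif line.startswith("edit "):
            current = {"name": line[5:].strip().strip('"'), "accprofile": None}
        elif current and line.startswith("set accprofile "):
            current["accprofile"] = line.split(None, 2)[2].strip('"')
        elif current and line == "next":
            name, profile = current["name"], current["accprofile"]
            if name.lower() == REPORTED_ROGUE_ADMIN:
                # Flagged even if someone added it to the approved set.
                findings.append((name, profile, "reported-rogue"))
            elif name not in approved:
                findings.append((name, profile, "unapproved"))
            current = None
    return findings

# Constructed sample backup, not taken from the leak or from any real device.
SAMPLE = '''
config system admin
    edit "admin"
        set accprofile "super_admin"
        config gui-dashboard
            edit 1
            next
        end
    next
    edit "fortigate-tech-support"
        set accprofile "super_admin"
    next
    edit "backup-svc"
        set accprofile "prof_admin"
    next
end
'''
print(audit_admins(SAMPLE, approved={"admin"}))
```

An "unapproved" result means only that the name is missing from the approved set supplied by the operator; it still needs a human decision.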
Why it’s important
This breach underscores the ongoing vulnerabilities within critical cybersecurity infrastructure, particularly in devices widely used across various sectors. The exposure of Fortinet credentials not only jeopardises the security of individual organisations but also poses a broader risk to the interconnected systems that rely on these devices. As cybersecurity threats become more sophisticated, incidents like this serve as a wake-up call for all organisations to reassess their security protocols.
This leak follows a troubling trend in the tech industry, where high-profile breaches have become alarmingly common. For example, the previous incident involving the leakage of 500,000 credentials from Fortinet devices illustrates a pattern of negligence in securing sensitive data. Such events highlight the necessity for robust security measures and regular firmware updates, as recommended by experts.
As digital transformation accelerates, the stakes are higher than ever. Cybersecurity breaches not only affect the immediate victims but can have ripple effects across entire networks. This story impacts readers by emphasising the importance of vigilance in securing their digital assets, urging them to implement best practices and stay informed about potential vulnerabilities. In an era where data is the new currency, understanding these risks is crucial for safeguarding both personal and organisational information.
At A Glance
- Name: LACNIC exposes leak of thousands of Fortinet device credentials
- Type: Internet infrastructure institution
- Base: Latin America and Caribbean
- Profile focus: Institution
What It Does
- Public records support monitoring of its role, services, and key relationships.
Why It Matters
- Operational criticality: Medium
- Time horizon: Next quarter
What To Watch
- Monitoring focuses on verified service continuity, governance changes, and relationship signals.
Track verified source updates, role changes, and current public evidence.
Longer-term relevance depends on verified operating, policy, and relationship changes.





