FortiBleed campaign exposes Fortinet VPN credentials for 73,000 devices
Tags Infrastructure · Enterprise

The FortiBleed campaign targeting Fortinet FortiGate devices exposed SSL VPN credentials for 73,932 firewall URLs at organizations worldwide. Attackers deployed custom network sniffers on compromised firewalls to harvest authentication secrets and steal VPN credentials. The data leak was dubbed FortiBleed and was discovered on June 18, 2026. Remediation requires firmware updates and credential changes on all affected devices.
Technical significance
The exposure of VPN credentials for 73,000 Fortinet devices represents one of the largest firewall credential leaks in recent years. Organizations running FortiGate devices must assume compromise and rotate all credentials immediately, as the custom sniffer tool indicates sophisticated, targeted exploitation rather than opportunistic scanning.