FortiBleed Leak Exposes Fortinet VPN Credentials for 73,000 Devices
A massive data leak dubbed 'FortiBleed' has exposed VPN credentials for over 73,000 Fortinet devices worldwide, affecting major corporations.
Aditya Raj
July 8, 2026 · 2 min read
A massive data leak dubbed FortiBleed has exposed VPN credentials for over 73,000 Fortinet devices worldwide. The leak includes usernames, emails, and plaintext passwords from Fortune 500 companies including Chevron, Samsung, and AT&T. Lack of MFA is a major contributing factor.
A newly discovered data leak dubbed FortiBleed has exposed a collection of Fortinet and FortiGate VPN credentials for over 73,000 firewall endpoints worldwide. The leak includes usernames, email addresses, and plaintext passwords from employees at Chevron, Samsung, Foxconn, Comcast, AT&T, Toyota, and dozens of other Fortune 500 companies.
"The scale of this leak is staggering," said Jake Williams, former NSA hacker and co-founder of Rendition Infosec. "We're seeing credentials for some of the most security-conscious organizations on the planet exposed en masse. Any organization using affected Fortinet devices should assume compromise and launch full incident response immediately."
Security researchers believe the data was collected through a combination of credential harvesting, targeted phishing campaigns, and exploiting known but unpatched Fortinet vulnerabilities. The threat actor appears to have been collecting credentials for months before releasing them, suggesting a patient and methodical operation.
The leak raises serious questions about enterprise VPN security. Many affected organizations had not implemented multi-factor authentication, which would have prevented credential-based access even with exposed passwords. "Any security team that hasn't made MFA mandatory for VPN access is failing at a basic level," Williams added.
Fortinet has acknowledged the leak and issued a security advisory directing customers to audit their deployments. The company emphasized that the leak does not stem from a zero-day vulnerability in its products but rather from customer credential theft through multiple attack vectors.
The incident is being compared to the 2021 Fortinet data exposure that affected tens of thousands of devices, raising questions about whether the industry has learned from past incidents. "Three years later, we're seeing the same patterns," said a SANS Institute instructor. "This is an industry-wide failure to implement basic security hygiene."
Affected organizations now face a complex remediation process involving credential rotation, forensic investigation for active compromises, and potential compliance notifications under breach disclosure laws. The incident response costs are expected to reach millions of dollars across the affected organizations.
For the cybersecurity industry, FortiBleed reinforces the importance of credential management as a security priority. With AI-powered password cracking and credential theft tools becoming more sophisticated, organizations must treat VPN credentials as highly sensitive assets requiring layered protection.
Key Takeaways
- 1 FortiBleed exposed 73,000+ Fortinet VPN credentials including Fortune 500 companies
- 2 Data collected through credential harvesting, phishing, and unpatched vulnerabilities over months
- 3 Many affected organizations had not enabled multi-factor authentication for VPN access
- 4 Fortinet confirmed no zero-day was involved — credentials were stolen through multiple attack vectors
- 5 Remediation involves credential rotation, forensic investigation, and potential compliance notifications
Frequently Asked Questions
What is FortiBleed?
FortiBleed is a data leak exposing Fortinet VPN credentials for over 73,000 devices worldwide, including employees at Fortune 500 companies.
Was a zero-day vulnerability involved?
No. Fortinet confirmed the leak stems from credential theft through multiple attack vectors, not a zero-day in its products.
How can organizations protect against similar attacks?
Enable MFA for all VPN access, implement credential monitoring, patch Fortinet devices promptly, and conduct regular security audits.
SOURCES
TOPICS
Stay Ahead with TECHRADAR360
Get the latest tech news delivered to your inbox every morning.