Breaking
TRİran'ın Güney Bölgelerinde Patlama Sesleri Duyuldu, Çelişkili HaberlerTRBalık Tutarken Habur Çayı'na Düşen Kişiyi Bulma Çalışmaları SürüyorTRYeditepe Üniversitesi'nde Yaşanan Olaylar Üzerine YÖK Soruşturma BaşlattıTRNetanyahu'dan Trump'ın Türkiye Açıklamasına Üstü Kapalı Tepki: Hava Üstünlüğümüzü KoruyacağızTRTürkiye'den Avrupa Parlamentosu'nun Kıbrıs Kararına TepkiTRYeditepe Üniversitesi Mezuniyet Töreni Pankart Tartışması: Yeni Görüntüler Ortaya ÇıktıTRMeta, Yapay Zeka Kapasitesini Artırmak İçin Kendi Çiplerini Üretime AlıyorTRNetanyahu'dan Lübnan İşgali ve İran Gerilimi AçıklamalarıTRTicaret Bakanı Bolat: Türkiye'nin otomotiv ihracatı Avrupa'da beşinci, dünyada 13. sıradaTRBM'den Gazze'de Sanal Diplomatik Saha ZiyaretiTRİran'ın Güney Bölgelerinde Patlama Sesleri Duyuldu, Çelişkili HaberlerTRBalık Tutarken Habur Çayı'na Düşen Kişiyi Bulma Çalışmaları SürüyorTRYeditepe Üniversitesi'nde Yaşanan Olaylar Üzerine YÖK Soruşturma BaşlattıTRNetanyahu'dan Trump'ın Türkiye Açıklamasına Üstü Kapalı Tepki: Hava Üstünlüğümüzü KoruyacağızTRTürkiye'den Avrupa Parlamentosu'nun Kıbrıs Kararına TepkiTRYeditepe Üniversitesi Mezuniyet Töreni Pankart Tartışması: Yeni Görüntüler Ortaya ÇıktıTRMeta, Yapay Zeka Kapasitesini Artırmak İçin Kendi Çiplerini Üretime AlıyorTRNetanyahu'dan Lübnan İşgali ve İran Gerilimi AçıklamalarıTRTicaret Bakanı Bolat: Türkiye'nin otomotiv ihracatı Avrupa'da beşinci, dünyada 13. sıradaTRBM'den Gazze'de Sanal Diplomatik Saha Ziyareti
Newsgather
BackTens of Thousands of Fortinet Firewalls and VPNs Compromised in Global Hacking Campaign
Tens of Thousands of Fortinet Firewalls and VPNs Compromised in Global Hacking Campaign
Developing
TechCrunch6/17/2026Tech2 min readUnited States

Tens of Thousands of Fortinet Firewalls and VPNs Compromised in Global Hacking Campaign

Quick Look

  • Cybercriminals have compromised over 30,000 Fortinet firewalls and VPNs globally in a campaign dubbed FortiBleed.
  • Hackers exploit weak or reused passwords to gain access, using compromised devices to steal more credentials and expand their reach.
  • Major companies like Accenture, Comcast, and Samsung are among the victims.

AI-generated summary

Why It Matters

A global hacking campaign, dubbed FortiBleed, is compromising tens of thousands of Fortinet firewalls and VPNs by exploiting weak or reused passwords. The campaign uses automated tools to scan for vulnerable devices and leverages lists of known credentials to gain access.

Font size

Cybercriminals have compromised tens of thousands of Fortinet firewalls and VPNs used by major companies all over the world, according to two cybersecurity firms.

The widespread hacking campaign, which is ongoing and has been dubbed FortiBleed, appears to not involve abusing any unknown vulnerability in the targeted devices, but rather on a more basic issue: Companies may not be changing passwords to the firewall, nor making sure that the credentials they use for sensitive systems exposed on the internet are not already known by hackers.

In this campaign, hackers are first using automated tools to scan the internet for exposed Fortinet firewalls and VPNs. Then, they are breaking into the devices thanks to lists of previously known passwords. At that point, the cybercriminals can steal more sensitive data from the victim companies, cybersecurity firms Hudson Rock and SOCRadar wrote in their reports that they published this week.

“Once a device is compromised, [the hackers] use it as a listening post, monitoring traffic passing through and collecting any additional credentials that flow by. Those freshly collected passwords are then fed back into the scanner to compromise even more devices. The system feeds itself,” SOCRadar wrote.

Hudson Rock said they found evidence that suggests more than 73,000 unique Fortinet URLs have been hacked, while SOCRadar said the total of hacked devices is more than 30,000.

According to Hudson Rock, the hacked companies include: Accenture, Comcast, Foxconn, Lenovo, Oracle, Samsung, Siemens, and PwC.

A Lenovo spokesperson acknowledged receipt of TechCrunch’s request for comment but did not respond. None of the other companies responded to a request for comment.

According to both Hudson Rock and SOCRadar, the countries with the most affected devices are India, the United States, Taiwan, and Mexico. But both companies say there are victims all over the world. As for industries, the most affected ones are IT services, construction materials, and telecommunications, according to Hudson Rock. Government agencies are also among the victims, per SOCRadar. Both cybersecurity companies said the group behind the hacking campaign appears to be Russian-speaking.

Fortinet did not respond to a request for comment.

Hudson Rock and SOCRadar’s reports are based on the discovery of a list of credentials for Fortinet devices and associated companies. This hacking campaign was first reported by security researcher Bob Diachenko over the weekend. Independent cybersecurity researcher Kevin Beaumont said in a blog post on Wednesday that he analyzed the data and confirmed the data “is legit.”

What to Watch

AI outlook — possibilities, not facts

  • Further exploitation of Fortinet devices and other network security products with similar vulnerabilities.

    Likely · Within weeks

  • Increased investment in cybersecurity solutions by affected companies and governments.

    Very likely · Within months

Open Questions

  • What specific actions will Fortinet take to address this vulnerability?
  • Will affected companies face regulatory penalties?
  • What is the extent of data stolen from victim organizations?

Related Topics

This article was originally published by TechCrunch.

Related Stories

More on this topiccybersecurity