Virtual personal networks or VPNs have long been used to hide the location and actual activity of someone on the Internet, both for security purposes or to cut regional keys. This is one of the standard Arsenal in network security, but VPN is not a bulletproof solution, especially if the VPN itself is hacked. That’s the nightmare scenario that popular Fortinet VPN products now find themselves after a hacker just throws 500,000 usernames and passwords on the internet for absolutely free.
VPN naturally runs on a remote server and, such as computer services, can be targeted by evil agents. Last April, theserver that was running Fortio Fortinet was reportedly attacked by state-sponsored actors. It seems that the same vulnerability is exploited by at least one hacker who now only leaks the charge for other hackers.
That threat actors have been identified as “orange,” the leader of the new ramp hacking forum and new Groove Ransomware operation. Orange was reportedly breaking up with older Babuk Ransomware gangs to build roads and grooves. It is possible to promote new operations and recruit other hackers, orange only leaked nearly 500,000 passwords to show off.
500,000 these credentials include logins and Fortinet VPN users are scratched from vulnerable devices in recent months. While the exploited vulnerabilities have been patched now, the credentials are actually still in active use. BleepingComputer confirms that the IP address is linked to the Fortinet VPN server, while the source is verified that some of the leaked passwords are still valid.
This leak, of course, places the security and integrity of the Fortinet VPN server at risk considering this can be used by hackers to steal data more or install ransomware on other computers. Unfortunately, the only other way at this point that can be taken is for the server owner to force reset all user passwords to close the hole placed by a leak.