FortiBleed: 74,000 Fortinet Firewalls Leaked and Nothing to Patch
FortiBleed leaked working VPN credentials for ~74,000 Fortinet firewalls in 194 countries. No CVE to patch — the attacker logs in as a valid admin, and scanners see nothing.
On 18 June 2026 a security researcher found an open server on the internet holding usernames, emails and passwords for 73,932 internet-facing Fortinet firewalls — roughly half of every FortiGate exposed to the public internet, across 194 countries. The dataset, now called FortiBleed, names Samsung, Siemens, Foxconn, Oracle, Accenture, Chevron and Comcast among the affected, plus government agencies and critical-infrastructure operators. Kevin Beaumont, who works with several of the listed organisations, confirmed the logins were real and working. At least four organisations in the set were fully compromised.
Here is the part that matters, and the part most of the coverage buried: there is no CVE in this story. Nothing to patch. The firewalls in the dump were, in Beaumont's words, mostly on recent firmware. The attacker does not need a vulnerability — they have your admin password, and they log in through the front door like an administrator. That single fact breaks the defensive model most organisations still run on.
FortiBleed: 74,000 firewalls and nothing to patch
The instinct, the second a Fortinet headline lands, is to check the version number. Are we on a vulnerable FortiOS build? Is there a fix? Is it on CISA KEV? That reflex is correct for a vulnerability. It is useless here.
FortiBleed is not the output of an exploit chain against unpatched code. It is the output of a long, patient credential-harvesting campaign, and the credentials it produced work regardless of patch level. A device that was fully updated this morning is in the dataset because its password leaked, not because its software was vulnerable. The 2025 Belsen Group dump of ~15,000 FortiGate configurations — built on the 2022 zero-day CVE-2022-40684 — is folded into this larger set, but FortiBleed is a distinct, much larger, and fresher collection.
The credentials themselves were stored as plaintext inside exported configuration files, or as salted SHA-256 — crackable on commodity GPUs. Fortinet only moved admin password storage to PBKDF2 in early 2025, and only for devices where an administrator logged in after the update. Everything older was harvestable.
How the FortiBleed dataset was built — harvesting at industrial scale
The mechanism is the interesting part, because it is a closed loop that feeds itself. According to researcher Volodymyr "Bob" Diachenko, who discovered the exposed server, the operation ran approximately 1.16 billion credential attempts against more than 320,000 FortiGate targets to intercept SSL VPN authentication hashes, then cracked them on a 45-GPU cluster managed with Hashtopolis. A Russian-speaking group is the suspected operator.
Boiled down, the loop is:
- Internet-wide scan for FortiGate SSL VPN endpoints.
- Mass authentication attempts — password spraying, known-default lists, and replay of credentials harvested elsewhere — to capture and crack VPN auth hashes.
- Each compromised firewall becomes a listening post: it sits in the traffic path and collects every additional VPN credential that flows through it.
- Those fresh credentials feed straight back into the scanner, compromising the next ring of devices.
This is why the number is so large. It is not one breach of one vendor; it is a self-propagating harvest where the firewall — the device you bought to stop this — becomes the collection point. And once a valid VPN credential is in hand, the post-access steps are mundane and quiet: authenticate, export the configuration, and pivot into Active Directory. Diachenko's analysis describes exactly that AD pivot following the SSL VPN access.
Why a fully patched Fortinet VPN is still owned
The defensive industry has spent fifteen years building a machine optimised for one question: is this thing patched? Vulnerability scanners enumerate versions. Patch dashboards track fix coverage. KEV deadlines drive remediation cadence. Compliance frameworks ask for evidence that critical CVEs were closed inside the SLA. All of that infrastructure is pointed at software defects.
FortiBleed is not a software defect. It is a valid-credential problem, and the patch-centric machine is structurally blind to it:
Auditor: "Show me your Fortinet patch status."
You: "100%. Every appliance on the latest FortiOS, every June advisory closed inside the deadline."
Auditor: "Good. So you're not in FortiBleed?"
You: "…we're in FortiBleed."
Both statements are true at the same time. Patch compliance and credential compromise are orthogonal. You can be perfect on one axis and owned on the other, and nothing in a version-and-patch view of the world will tell you which.
This is the same shape as several incidents we have covered — a valid login that no control flags as hostile. It is the structural cousin of the Check Point VPN bypass, where a successful authentication left no identity artefact for the IdP to catch. FortiBleed removes even the bypass: the attacker isn't evading authentication, they are passing it.
The detection gap: valid credentials don't trigger anything
Walk an authenticated FortiBleed session past each defensive layer and watch them all return green:
| Defensive control | What it sees | Verdict |
|---|---|---|
| Vulnerability scanner | Latest FortiOS, no known CVE | Clean |
| Patch dashboard | 100% remediation coverage | Compliant |
| Firewall / SSL VPN auth log | Successful login, correct password | Authorised |
| Identity provider (SSO) | Valid session, valid credential | Trusted |
| Signature-based EDR/NDR | No exploit payload, no known malware | Nothing to match |
Every control is doing its job correctly, and the attacker walks straight through. The only place the compromise becomes visible is in behaviour after the login: an administrative session opening from an autonomous system this firewall has never been managed from, a full configuration export at an odd hour, a brand-new tunnel reaching a network segment that VPN users have never historically touched, and then SMB and LDAP traffic fanning out toward domain controllers. None of that is a signature. All of it is a pattern in the traffic, and it is happening while the operator is still inside — not in tomorrow's SIEM digest.
That is the gap. When the credential is valid, the wire is the only honest witness left.
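As an added example (not part of the original article and not any vendor's code), the correlation below runs over a constructed event stream and reports a session only when several of the behaviours named above coincide after one login; the account ASN baseline, the domain-controller prefix and the event layout are assumptions:

```python
"""Flag the post-login pattern in a constructed event stream: a session is
reported when it shows at least two of: login from an ASN never seen for the
account, a configuration export, and AD-port flows to more than one DC host."""

# Constructed baseline: ASNs each account has historically connected from.
BASELINE_ASN = {"admin": {64500}, "vpn-user-17": {64500, 64501}}
DC_PREFIXES = ("10.0.5.",)       # constructed: where the domain controllers live
AD_PORTS = {88, 389, 445, 636}   # Kerberos, LDAP, SMB, LDAPS

# Constructed events: (seconds, account, kind, detail). Kinds are "login"
# (detail = source ASN), "config_export", and "flow" (detail = (dst, port)).
EVENTS = [
    (0, "admin", "login", 64500),
    (30, "admin", "flow", ("10.0.1.8", 443)),
    (3600, "admin", "login", 200000),          # ASN never seen for admin
    (3700, "admin", "config_export", None),    # full configuration export
    (3710, "admin", "flow", ("10.0.5.10", 445)),
    (3712, "admin", "flow", ("10.0.5.10", 389)),
    (3715, "admin", "flow", ("10.0.5.11", 445)),
    (3900, "vpn-user-17", "login", 64501),     # normal user, baseline ASN
    (3950, "vpn-user-17", "flow", ("10.0.1.20", 443)),
]


def score_sessions(events, baseline=BASELINE_ASN, dc_prefixes=DC_PREFIXES,
                   ad_ports=AD_PORTS, window=900, min_indicators=2):
    """Correlate each login with what follows it inside `window` seconds and
    return the sessions whose indicator count reaches `min_indicators`."""
    sessions, current = [], {}
    for ts, user, kind, detail in sorted(events, key=lambda e: e[0]):
        if kind == "login":
            current[user] = {"user": user, "start": ts, "asn": detail,
                             "indicators": set(), "dc_hosts": set()}
            sessions.append(current[user])
            if detail not in baseline.get(user, set()):
                current[user]["indicators"].add("unseen_asn")
            continue
        s = current.get(user)
        if s is None or ts - s["start"] > window:
            continue  # no open session for this account, or too old to correlate
        if kind == "config_export":
            s["indicators"].add("config_export")
        elif kind == "flow":
            dst, port = detail
            if port in ad_ports and dst.startswith(dc_prefixes):
                s["dc_hosts"].add(dst)
                if len(s["dc_hosts"]) > 1:   # fan-out: more than one DC touched
                    s["indicators"].add("ad_fanout")
    return [s for s in sessions if len(s["indicators"]) >= min_indicators]
```

Requiring two indicators is what keeps a legitimate administrator who exports the configuration from their usual ASN out of the result.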
What CISA actually told Fortinet defenders to do
CISA issued guidance the same day the leak surfaced, and it is worth reading for what it does not lead with. The first instructions are not "patch." They are about credentials and traffic. CISA advised organisations to:
- Terminate all SSL VPN and administrative sessions immediately.
- Reset every VPN and administrative password.
- Enforce phishing-resistant multi-factor authentication.
- Review logs for unauthorised access and lateral movement.
- Migrate admin credential storage to PBKDF2.
- Restrict firewall management from the public internet and remove unauthorised accounts.
Note the fourth item. Resetting passwords closes the door going forward; it does nothing about the attacker who already walked through it and established persistence weeks ago. "Review logs for lateral movement" is the real work, and it is exactly the work that signature tooling and patch dashboards cannot do — because there is no signature and no missing patch to find. Independent confirmation from CyberInsider and others puts the same emphasis on assuming compromise rather than assuming patch level protects you.
Reframing the Fortinet VPN credential problem with Zero Hunt
If the attacker's whole advantage is that a valid credential plus lateral movement looks like normal administration, then the defence has to operate where that disguise breaks down: the network, behaviourally, in real time.
That is the design centre of Zero Hunt's AI Traffic Analysis. It is a proprietary deep-learning model trained on billions of PCAP sequences, with four parallel inference heads — suspicious traffic, malware classification, attack-type identification, and application fingerprinting — running locally on the appliance GPU at a 2.7+ Gbit/s baseline. It does not ask whether a login was authorised; it asks whether the behaviour of that session matches anything this network has ever done. An admin tunnel from a never-seen ASN, a config export followed by SMB and LDAP fan-out toward domain controllers — that is precisely the SSL-VPN-to-Active-Directory pivot FortiBleed operators run, and it is visible as a traffic pattern while it is happening, not after the data is gone. When the credential is valid and the firmware is current, wire-speed behavioural analysis is the witness CISA's "review logs for lateral movement" instruction actually requires.
The second half of the answer is not waiting to be attacked to find out you are exposed. Zero Hunt's 10-agent generative pentest includes a dedicated Credential agent, and the engine's threat-intelligence layer continuously syncs 21 sources — including Have I Been Pwned and SecLists' 330+ default-credential corpus. A scheduled, change-triggered campaign sprays known-leaked and default credentials against your own perimeter under assumed-breach conditions and tells you which of them still authenticate — before a Russian-speaking crew with a 45-GPU cluster finds out for you. Every finding is ECDSA-signed at write time, so when the auditor asks "are you in FortiBleed?" you have a verifiable answer instead of a patch percentage that was never the right question.
FortiBleed will not be the last credential dump of the year. It is a reminder that "fully patched" and "secure" stopped being synonyms a long time ago — and that the only place a valid-credential intrusion shows itself is in the traffic it generates. That is the surface worth watching. See how the platform watches it.