Virtual Private Networks or VPNs have long been wont to hide one’s actual location and activities on the web, either for security purposes or bypass region locks. It’s one among the quality arsenals in network security, but a VPN isn’t a bulletproof solution, especially if the VPN itself is that the one that gets hacked. That’s the nightmare scenario that users of the favored Fortinet VPN product are now finding themselves in after a hacker just dumped 500,000 user names and passwords on the web for absolutely free.
VPNs naturally run on remote servers and, like all computer services, are often targeted by malicious agents. For example, last April, servers running Fortinet’s FortiOS were reported to be under fire by state-sponsored actors. It seems that an equivalent vulnerability was exploited by a minimum of one hacker who has now leaked the payload for the other hacker to use.
That threat actor has been identified as “Orange,” the leader of a replacement RAMP hacking forum and a replacement Groove ransomware operation. First, Orange reportedly broke off with an older Babuk ransomware gang to determine RAMP and Groove. Then, perhaps to market the new operation and recruit other hackers, Orange leaked almost 500,000 passwords to point out off.
Those 500,000 credentials include logins and usernames of Fortinet VPN scraped from vulnerable devices within the past months. While the exploited vulnerability has already been patched, the credentials are still in active use. BleepingComputer confirmed that the IP addresses are linked to Fortinet VPN servers, while a source verified that a number of the leaked passwords are still valid.
This leak, of course, puts the safety and integrity of Fortinet VPN servers in danger, considering hackers often employ these to steal data further or install ransomware on other computers. Unfortunately, the sole recourse now which will be taken is for server owners to force reset all users’ passwords to shut the holes that the leak has laid open.