FortiBleed leak exposes Fortinet VPN logins — check yours now

A newly uncovered data leak dubbed “FortiBleed” has exposed working VPN and admin credentials for roughly 75,000 Fortinet FortiGate firewalls around the world, as reported by BleepingComputer. Security researchers who reviewed the data confirmed that many of the usernames and passwords are genuine, and that most of the affected firewalls are still online. The credentials appear to have come from exported FortiGate configuration files and include usernames, email addresses and plaintext passwords.

This matters because FortiGate firewalls sit right at the edge of the network in a huge number of Australian businesses — they’re the front door, and everything else sits behind them. If your firewall’s credentials are in this dump, an attacker can log in over SSL VPN and walk straight into your network, then move sideways to your servers, files and Microsoft 365. When client or staff personal information is exposed in an attack like that, it stops being just an IT headache and becomes a reporting obligation under the Privacy Act’s Notifiable Data Breaches scheme.

Here’s what to do. Check whether your firewall appears in the leak — Hudson Rock has published a free FortiBleed lookup tool. Whether you’re affected or simply not sure, rotate every VPN and admin password now, enforce multi-factor authentication on all VPN accounts, get the firewall’s management interface off the public internet, and review your VPN logs for logins you don’t recognise. CISA has already issued the same advice to Fortinet users.

If you’d rather not work through that on your own, this is exactly what managed security is for — our cybersecurity team can check your exposure, rotate credentials and lock down remote access before anyone takes advantage of it.