logo

SOCRadar Launches Free FortiBleed Exposure Checker and Publishes the Most Extensive Dataset on the Fortinet Credential Leak

ID: 5d626143-83cd-5487-990a-ba0e20d32f91

STIX ID: report--5d626143-83cd-5487-990a-ba0e20d32f91

Feed Name: SOCRadar Blog

Threat Score
90/100

Date Published: 2026-06-17

Date Updated: 2026-06-18

Author: Yağmur Ernalbant

...
...

SOCRadar publicly released a FortiBleed Exposure Checker and the results of its investigation into a massive Fortinet credential leak: attackers scanned ~59.3M hosts, identified ~437K FortiGate devices, performed hundreds of millions to billions of brute-force attempts, compromised 80K+ appliances, passively sniffed traffic across 16K+ corporate networks, harvested 105M+ credentials and used GPU cracking to recover plaintext passwords, with confirmed exfiltration including a NATO-aligned defense contractor. SOCRadar offers the dataset and coordination with CERTs and recommends immediate credential rotation, MFA enforcement, and removal of internet-facing management interfaces.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.