Fortinet VPN Hacked, 500 Thousand Passwords And Usernames Leaked

JAKARTA - Virtual Private Networks or VPNs have long been used to hide someone's actual location and activity on the Internet, either for security purposes or to bypass region locks.

But who would have expected a VPN itself to be attacked by hackers? VPN company Fortinet recently suffered an attack that caused as many as 500,000 usernames and passwords to spread across the internet. All of it is accessible for free.

A VPN is a standard tool in the network security arsenal, but it is not a bulletproof solution, especially if the VPN itself is hacked. VPNs run on remote servers and, like other computer services, can be targeted by bad actors.

In April, a server running Fortinet's FortiOS was reportedly attacked by a state-sponsored actor. It appears that the same vulnerability was exploited by a hacker who is now simply leaking the payload for other hackers to use.

The threat actor, identified by the nickname Orange, is the leader of the new RAMP hacking forum and the Groove ransomware operation. Orange reportedly left the older Babuk ransomware group to found RAMP and Groove. The leak may have been meant to promote the new operations and recruit other hackers, or Orange may have leaked the 500,000 passwords simply to show off.

Those 500,000 credentials, including Fortinet VPN passwords and usernames, were taken from vulnerable devices in recent months. While the vulnerable servers have now been patched, the credentials themselves can still be actively used.

BleepingComputer confirmed that the IP address was linked to the Fortinet VPN server, while a source verified that some of the leaked passwords were still valid.

This leak compromises the security and integrity of Fortinet's VPN servers, since the credentials could be used by hackers to steal data or install ransomware on other computers. Unfortunately, the only recourse at this point is for server owners to reset all user passwords to close the hole the leak has opened. As quoted from Slashgear, Friday, September 10.

