Seventy-five thousand Fortinet firewalls just got their secrets spilled. And no, it wasn’t a fancy zero-day exploit or some high-tech hack. It was old passwords. Yes, you read that right—old, recycled, leaked passwords cracked en masse. The scale? Mind-blowing. Nearly half of all internet-facing FortiGate devices worldwide.

How Did This Happen? The Password Avalanche

Attackers launched a brute-force blitzkrieg. They scanned the internet, hunting for Fortinet firewalls that exposed their management portals online. Then they unleashed a gigantic password spray attack using a curated list of credentials from previous leaks. No new vulnerabilities needed.

The hackers didn’t just guess passwords. They intercepted VPN authentication hashes and cracked them using a monstrous GPU cluster—45 GPUs firing off over a billion credential attempts. The operation was a relentless storm of login attempts, powered by custom tools running thousands of threads in parallel.

Once inside a device, attackers turned firewalls into listening posts. These gateways meant to block intruders became their vantage points to capture fresh credentials flowing through networks. The attackers even moved laterally, targeting central authentication systems like Microsoft Active Directory and Radius servers.

Who’s Impacted? The Global Hit List

The breach spans 194 countries and hits 73,932 unique Fortinet devices. The affected organizations read like a who’s who of global business and industry. Oracle, Samsung, Lenovo, FedEx, Chevron, Siemens, Comcast, PwC, Accenture—and yes, Fortinet itself—are all on the list.

Even defense contractors weren’t safe. A Turkish NATO contractor lost classified documents after attackers fully compromised their network. Other victims spread across Japan, Taiwan, Vietnam, Iraq, and more.

Germany alone has about 120 affected devices, including corporate networks of major players like Mercedes-Benz and Deutsche Telekom. The fallout is massive because many of these firewall management interfaces were accessible from the internet without strong protections.

What Does This Mean? The Road Ahead for Defenders

This leak is a wake-up call. No zero-day magic here—just poor password hygiene scaled up to industrial levels. The attack proves that if you reuse passwords or neglect multi-factor authentication, your fancy firewall won’t save you.

Security experts urge all Fortinet users to immediately:

• Rotate all FortiGate admin and VPN passwords with strong, unique ones.
• Enable multi-factor authentication (MFA) on all external access points.
• Restrict management interfaces to trusted IP ranges only.
• Audit logs for suspicious login activity and signs of lateral movement.
• Remove dormant or unused accounts to shrink attack surfaces.

Fortinet insists this data comes from older incidents and brute force, denying fresh breaches. But independent researchers have confirmed the credentials are real and many devices remain online and vulnerable.

In a world where VPNs and firewalls guard our digital gates, attackers now weaponize them as inside lookouts. The fallout could spread far beyond the firewall itself.

Final Thoughts: Security Is a Process, Not a Product

This massive credential leak shows cybercriminals don’t always need fancy exploits. Sometimes, they just need your old passwords. And they have the computing power to crack them all.

Will organizations learn to treat passwords like precious keys and enforce strict access controls? Or will attackers keep sweeping through digital front doors unlocked by complacency? The coming months will reveal the answer.

One thing’s clear: It’s time to change passwords. Right now. No exceptions.