Recently, a cybercriminal group allegedly stole and dumped a huge trove of roughly 500,000 login credentials belonging to users of popular VPN products from cybersecurity company Fortinet.
According to a report from Bleeping Computer, the threat actor named “Orange” seemingly disclosed the pool of usernames and passwords Tuesday on a dark web forum. This is a big threat to users, because cybercriminals usually try to sell such credential data to others or use it for malicious purposes; Orange instead posted the large pool of information for free.
All the accounts appear to have been deliberately stolen via a previously disclosed vulnerability in the product. A few months ago, in April, federal agencies warned about multiple security flaws in Fortinet’s VPN that could allow cybercriminals to hack the database of the users.
Fortinet has no doubt issued several security patches for the flaws since this warning, but sadly it failed to protect its users’ data from the hackers.
Security Firm Advanced Intel on the Cybercriminal
According to research by security firm Advanced Intel, Orange is known as a member of the ransomware gang Groove and previously worked for Babuk, a well-known ransomware gang that tried to extort the Washington, D.C. Metropolitan Police Department for millions of dollars earlier this year.
Groove recently launched a new cybercrime forum called RAMP, and researchers have suggested that the gang may have leaked all the VPN account details on its newly launched business venture.
A virtual private network (VPN) is designed specifically to protect the user’s sensitive data and web activity. If hackers can so easily compromise users’ private data, it can become a nightmare. In such a scenario, access to Fortinet VPN accounts would likely allow cybercriminals to penetrate networks, steal data, or do something even worse. Unfortunately, the threat actor responsible for the leak claimed that many of the credentials are still valid.
According to the report, the credentials are allegedly tied to 498,908 users and 12,856 devices, likely sourced from more than 74 countries. The source says most of the credentials come from India; however, Israel, France, and Italy also have substantial shares.
Fortinet, a well-recognized firm that deals in several security products, hasn’t said anything about the leak. A report should come soon, and we may get clear insights from Fortinet regarding this massive data leak. Hopefully, firms and other security organizations will also work to make their security tools even better.