: Immediately change all administrative and VPN passwords.
: Examine your firewall logs for any unauthorized administrative access dating back to late 2022.
: Investigations suggest the data was likely stolen in late 2022 . The leak is believed to be the result of attackers exploiting a specific authentication bypass vulnerability, CVE-2022-40684 , which allowed administrative access to affected FortiOS, FortiProxy, and FortiSwitchManager products. Configs Leaked.rar
The leak contains approximately and VPN credentials from Fortinet FortiGate firewalls . Key Details of the Leak
: Ensure your firmware is updated to versions that patch CVE-2022-40684 . : Immediately change all administrative and VPN passwords
So the data was probably stolen in the fall of 2022, but where and how did the unknown attackers obtain the sensitive information? heise online
The file is linked to a significant cybersecurity incident involving the Belsen Group (or a group using that name) that surfaced around mid-January 2025. The leak is believed to be the result
: Because these configuration files are not typically stored centrally by the manufacturer, security experts believe the leak originated from individual firewall exploits rather than a breach of Fortinet's own systems. Response and Remediation