A gang of hackers have reportedly collected and emptied large numbers of around 500,000 login credentials belonging to users of a popular VPN product from cybersecurity firm Fortinet.
The menacing actor, who goes by the nickname “Orange,” apparently leaked a trove of usernames and passwords to a dark web forum on Tuesday, Bleeping Computer reported. While cybercriminals often try to sell this data or use it for their own nefarious purposes, Orange has apparently released the vast amount of information for free.
The accounts are believed to have been compromised via a vulnerability previously discovered in the product. In April, federal agencies have warned multiple security holes in Fortinet’s VPN that could allow hackers to access. The company has since been issued fixes for these security holes, although this apparently did not prevent many users from having their account information compromised.
According to research by security company Advanced Intel, Orange is said to be a member of the “Groove” ransomware gang. They are believed to have previously worked for Babuk, a large ransomware gang that tried to extort the Washington DC Metropolitan Police Department for millions of dollars earlier this year.
Groove recently launched a new cybercrime forum called RAMP, and researchers speculated that the gang may have leaked VPN accounts in order to draw attention to their new business venture.
Virtual private networks, meant to protect a user’s confidential data and web activity, can become a privacy nightmare if someone compromises them. In this case, accessing Fortinet VPN accounts would likely allow cybercriminals to infiltrate networks, steal data, or worse. Unfortunately, the threat actor responsible for the leak claimed that many credentials are still valid.
Identifiers would be linked to 498,908 users and 12,856 devices, with products sourced from 74 different countries. Most of the credentials come from India, although Italy, France and Israel also have significant shares.
Fortinet, which sells a number of security products, has yet to comment on the leak. We’ve reached out to the company for comment and will update this story if they respond.