If your company's cybersecurity strategy involves setting up an expensive enterprise firewall and then just... leaving the default or previously leaked passwords intact, congratulations - you may be starring in the latest chapter of a global hacking spree.
According to a report from TechCrunch, an alleged Russian-speaking cybercriminal group has compromised tens of thousands of Fortinet firewalls and VPN devices belonging to major companies around the world. The attack vector? Previously known passwords. Not zero-days. Not some galaxy-brained exploit. Passwords. That were already known. To be. Compromised.
Wait, so these passwords were just... lying around?
Essentially, yes. Fortinet makes some of the most widely deployed network security hardware on the planet, which means it's also a very attractive target. When credentials for these devices get leaked or exposed in prior breaches and nobody bothers to rotate them, attackers can just walk right in. No lock-picking required when someone left a copy of the key under the mat.
The scale here is genuinely unsettling. We're not talking about a handful of small businesses. Major companies - the kind with actual IT departments - are allegedly among the affected. Which raises the deeply uncomfortable question of how a "known password" problem survives long enough to become a mass exploitation event at enterprise scale.

This is a very embarrassing way to get hacked
There's a spectrum of ways to get breached. On one end, you've got sophisticated nation-state actors deploying previously undiscovered exploits against hardened targets. On the other end, you've got this - allegedly getting popped because a list of old passwords was still valid.
For IT and security teams everywhere, this is the cyber equivalent of leaving your front door unlocked and then being surprised your TV is gone. Credential hygiene - rotating passwords, enforcing multi-factor authentication, monitoring for leaked credentials - is about as foundational as cybersecurity gets. And yet, here we are.
What should actually happen now
If your organization runs Fortinet gear (and statistically, a lot of you do), this is your very loud, very public reminder to audit your credentials immediately. Check for any exposed or reused passwords, enable MFA where possible, and make sure your devices are running updated firmware.
The broader lesson, as always, is that security is not a product you buy and forget. A firewall with a compromised password isn't protecting anything - it's just expensive furniture with a blinking light on it.
The full reporting on this incident is available via TechCrunch.





