Skip to Content
© Artmann-witte | Dreamstime.com
Security & privacy

Half a million VPN passwords leaked – Has your info been compromised?

We all know the dangers of data breaches. When large caches of information are leaked, victims are at risk of many serious issues, including identity theft and other costly and frustrating cybercrime. Tap or click here for details on a recent breach that hit a wireless carrier.

In many cases, the stolen information is put up for sale on the Dark Web. But in a recent data leak impacting users of a popular VPN service, hackers released the stolen data to the public for free.

The stash of information isn’t a small amount, either. Through investigations, it was determined that nearly 500,000 login details had been compromised. Keep reading to see if your data was exposed.

Here’s the backstory

Without going into much of the technical details, a hacker named Orange breached the Fortinet VPN service. While it isn’t exactly clear when the breach occurred, it contains the login credentials for 498,908 users and the IP addresses of over 12,856 devices.

Bleeping Computer says that it spans users from 74 countries, with India making up the bulk of the compromised logins. Taiwan makes up 8.4% of the stolen data, while Italy accounts for 7.9%. Of the 12,856 compromised devices, 2,959 are from the U.S.

The hacker seemed to have used a vulnerability that the Cybersecurity and Infrastructure Security Agency (CISA) warned against in April this year. The agency highlighted three major flaws in Fortinet’s systems, which can be used to breach government and commercial businesses.

What you can do about it

The flaw, which has been given the designation of CVE-2018-13379, has thankfully already been patched. But that doesn’t mean that everybody is safe from future attacks. Independent investigations confirmed that some of the exposed login details are still valid.

If you use the Fortinet VPN service, you must immediately change your login details. It is always a good idea to change your password for any service after a data breach or leak.

Administrators of Fortinet VPN servers should perform a forced reset of all usernames and passwords. It would also help to check the intrusion logs for attempted access.

Another solution is to use a VPN service that you can trust. Kim uses and recommends our sponsor, ExpressVPN. ExpressVPN works for Mac, Windows, Android, iOS, Linux, routers and more.

Visit ExpressVPN.com/Kim today and get an extra three months free on a one-year package. You can’t beat that!

Keep reading

Protect your wireless account from hackers with this one step

Hackers, scammers and advertisers are after you – 5 smartphone security steps to take now

Stop robocalls for good with Kim’s eBook

Robocalls interrupt us constantly and scam Americans out of millions of dollars every year. Learn Kim's best tricks for stopping annoying robocalls in this handy guide.

Get the eBook