Fortinet firewalls hit by massive password leak

Security researcher Bob Diachenko discovered an archive of 73,932 Fortinet/FortiGate VPN credentials from brute-force and exploitation campaigns. The plaintext usernames, emails, and passwords affected major firms including Chevron, Samsung, and Toyota. Fortinet urged password rotation and MFA, calling the leak a resharing of past incidents.