: Investigations suggest the data was likely stolen in late 2022 . The leak is believed to be the result of attackers exploiting a specific authentication bypass vulnerability, CVE-2022-40684 , which allowed administrative access to affected FortiOS, FortiProxy, and FortiSwitchManager products.
: Ensure your firmware is updated to versions that patch CVE-2022-40684 .
The leak contains approximately and VPN credentials from Fortinet FortiGate firewalls . Key Details of the Leak
Unknown group releases Fortinet config files and VPN ... - Heise
: Examine your firewall logs for any unauthorized administrative access dating back to late 2022.
: Immediately change all administrative and VPN passwords.