The FortiBleed firewall attack is a stark reminder that the simplest security mistakes often cause the biggest disasters. A sweeping campaign has compromised tens of thousands of Fortinet firewalls and VPNs. Most strikingly, the attackers succeeded largely because organizations never changed their default passwords. Here is what happened and how to protect yourself.
What the FortiBleed Firewall Attack Involves
The scale of the campaign is significant, and it targets devices that sit at the edge of corporate networks: firewalls and VPN gateways that are, by design, reachable from the internet. CISA urged Fortinet customers with FortiGate appliances to secure them against ongoing malicious activity aimed at thousands of internet-accessible devices, in a campaign codenamed FortiBleed and believed to be the work of Russian-speaking threat actors.
The numbers are sobering. The count of compromised devices stood at 86,644 as of June 19, 2026.
Why Default Passwords Were the Weak Point
Here is the most important lesson from this attack. The attackers did not need exploits or novel techniques; they exploited basic credential failures. According to SOCRadar, generic admin accounts and built-in Fortinet system accounts together made up the majority of compromised credentials.
The root cause was poor password hygiene. That finding points directly to a widespread failure to rename default accounts or rotate factory credentials, which handed the attackers a highly reliable target list before any brute force was even needed.
In other words, many organizations left the factory-set usernames and passwords in place on devices exposed to the internet. As a result, the attackers already knew both the account name and the password to try.
A Pattern Across 2026
This attack fits a worrying trend this year: increasingly, attackers succeed without sophisticated tools. Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage (CNBC).
The lesson is consistent. Many of the biggest breaches of 2026 were not unstoppable attacks. They were preventable failures rooted in weak credentials, misconfigured systems, and basic oversights.
The Case for Protecting Data Too
Strong credentials are the first line of defense. However, they are not the only one. Because attackers will sometimes get in, protecting the data itself matters just as much.
This is where principles like data-centric encryption and confidential computing come in. By keeping sensitive data encrypted and isolated, organizations limit the damage when a device is compromised. In short, a breached firewall is far less catastrophic if the data behind it is locked down.
What You Should Do
The FortiBleed firewall attack offers clear, urgent lessons. First and most importantly, change all default passwords on every device, especially internet-facing ones like firewalls and VPNs, and rename or disable the factory admin accounts rather than merely giving them a new password, since a known username is half the credential. Second, rotate credentials regularly and remove unused accounts, such as those created for contractors or one-off projects that nobody has logged into for months.
Third, apply security updates promptly, since CISA has flagged this as active and ongoing. Fourth, enable multi-factor authentication wherever possible to add another barrier, and restrict administrative access to trusted source addresses so that the management interface is not reachable from the open internet. Finally, protect your sensitive data with encryption so a breach does not become a catastrophe. The attackers behind FortiBleed exploited the easiest possible weakness. Closing that gap is one of the simplest and most effective things any organization can do.
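The checks above (default account names, no source restriction, no MFA) can be run mechanically against a configuration backup instead of by eye. The following is an added example, not code from the article, from Fortinet, or from CISA. It parses a constructed sample that approximates the FortiOS `config system admin` block (the `edit`/`set`/`next`/`end` layout, the `trusthostN` and `two-factor` settings, and the convention that a `0.0.0.0 0.0.0.0` trusted host means "any" are assumptions about the format, and the list of generic account names is illustrative) and reports which admin accounts match the profile the attackers went after first.

```python
"""Audit admin accounts in a FortiOS-style 'config system admin' block for the
credential-hygiene failures described in the article: factory or generic
account names, no trusted-host restriction, and no multi-factor authentication.
Example code written for this article; the config format is an approximation
of FortiOS syntax, not a verified export."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Generic/factory account names an attacker would try first (illustrative list, an assumption).
DEFAULT_NAMES = {"admin", "administrator", "root", "fortinet"}

# Constructed sample, not a real device export. Password hashes are placeholders.
SAMPLE_CONFIG = """
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
        set password ENC PLACEHOLDER1
    next
    edit "netops"
        set accprofile "super_admin"
        set vdom "root"
        set trusthost1 10.20.0.0 255.255.255.0
        set two-factor fortitoken
        set password ENC PLACEHOLDER2
    next
    edit "contractor-2023"
        set accprofile "prof_admin"
        set vdom "root"
        set trusthost1 0.0.0.0 0.0.0.0
        set password ENC PLACEHOLDER3
    next
end
"""

EDIT_RE = re.compile(r'^edit\s+"?([^"]+?)"?$')
SET_RE = re.compile(r"^set\s+(\S+)\s+(.*?)$")


@dataclass
class AdminAccount:
    name: str
    settings: dict[str, str] = field(default_factory=dict)

    def has_trusted_hosts(self) -> bool:
        # Assumed: trusthost1..trusthostN restrict the source subnets an admin may
        # log in from; an entry of 0.0.0.0 0.0.0.0 (or no entry) means any address.
        return any(
            k.startswith("trusthost") and v.split()[0] != "0.0.0.0"
            for k, v in self.settings.items()
        )

    def mfa_enabled(self) -> bool:
        return self.settings.get("two-factor", "disable") not in ("", "disable")


def parse_admins(config_text: str) -> list[AdminAccount]:
    """Extract admin accounts and their settings from the 'config system admin' block."""
    accounts: list[AdminAccount] = []
    current: AdminAccount | None = None
    in_block = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system admin":
            in_block = True
            continue
        if not in_block:
            continue
        if line == "end":
            break
        if (m := EDIT_RE.match(line)):
            current = AdminAccount(m.group(1))
        elif line == "next" and current is not None:
            accounts.append(current)
            current = None
        elif current is not None and (m := SET_RE.match(line)):
            current.settings[m.group(1)] = m.group(2)
    return accounts


def audit(accounts: list[AdminAccount]) -> dict[str, list[str]]:
    """Return a list of hygiene findings per account (empty list means clean)."""
    findings: dict[str, list[str]] = {}
    for acct in accounts:
        issues = []
        if acct.name.lower() in DEFAULT_NAMES:
            issues.append("factory/generic account name: rename or disable it and set a unique password")
        if not acct.has_trusted_hosts():
            issues.append("no trusthost restriction: reachable from any source address")
        if not acct.mfa_enabled():
            issues.append("two-factor not enabled")
        findings[acct.name] = issues
    return findings


def exposed_default_accounts(findings: dict[str, list[str]]) -> list[str]:
    """Accounts combining a default name with no source restriction: the exact
    profile that gave the FortiBleed attackers a ready-made target list."""
    return sorted(
        name for name, issues in findings.items()
        if any(i.startswith("factory") for i in issues)
        and any(i.startswith("no trusthost") for i in issues)
    )


if __name__ == "__main__":
    report = audit(parse_admins(SAMPLE_CONFIG))
    for name, issues in report.items():
        print(f"{name}: {'OK' if not issues else '; '.join(issues)}")
    print("highest-risk accounts:", exposed_default_accounts(report))
```

Run it against a saved configuration rather than the embedded sample by reading the file into `parse_admins`; the `contractor-2023` account in the sample shows why a stale-account review belongs alongside the password checks, since it is unrestricted and lacks MFA even though it was never a factory account.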
This article covers ongoing security threats. Organizations should consult official vendor advisories and apply patches promptly.