Major Security Device Attack Collected Millions of Passwords. Check Your Business Network.
Hackers targeted security equipment used by businesses worldwide, potentially exposing 110 million login credentials since February 2026.
Source
The Hacker News
Original headline: FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
Plain-English summary by GetCyberRight. Read the full report at the source above.
A massive hacking operation called FortiBleed has been attacking FortiGate firewalls, which are security devices that businesses and organizations use to protect their computer networks. The attack has targeted over 430,000 of these devices around the world. Hackers have been collecting usernames and passwords, then using those stolen credentials to break into other systems. This campaign has been running since February
This attack primarily affects businesses, schools, hospitals, and other organizations that use FortiGate firewall equipment to protect their networks. If you work for a company or if your children attend a school that uses these devices, the hackers may have stolen login credentials that could give them access to sensitive information. While this is not a direct attack on home internet users, it could affect you if an organization you interact with has been compromised. The stolen credentials could potentially be used to access email accounts, employee portals, or customer databases. If you work for an organization, especially if you handle IT or security, contact your technology department immediately to ask if your company uses FortiGate firewalls and whether they have checked for this vulnerability. For everyone else, take these immediate steps:
Change passwords for any work-related accounts, especially if you have not changed them since February
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
Enable two-factor authentication on all work accounts if available.
Watch your work email carefully for suspicious messages or password reset requests you did not initiate.
Be extra cautious about emails asking you to click links or download files, even if they appear to come from coworkers. This attack highlights why organizations need to keep their security equipment updated and why everyone should use unique, strong passwords for different accounts. Never reuse the same password across multiple sites. Consider using a password manager to keep track of different passwords safely. Two-factor authentication adds a critical second layer of protection, making it much harder for criminals to access your accounts even if they steal your password.
Curated from trusted cybersecurity sources by GetCyberRight
Source: The Hacker NewsStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles
The New Reality: AI Is Changing Digital Safety Faster Than Families Can Keep Up
AI has rewritten the rules of digital safety. Old guidance still helps, but it no longer protects on its own. Here is what changed and what families should do about it.
6 min read
AI Cyberattacks Are Months Away: What Families Need to Know Now
Five major intelligence agencies warn AI-powered cyberattacks are imminent. Here's what's changed and how to protect your family today.
3 min readAI Cyberattacks Are Coming in Months, Not Years: What Families Need to Know
The Five Eyes intelligence alliance warns that AI-powered cyberattacks will surge within months. Here's what your family should do now to stay protected.
3 min readMajor Security Attack Targets Business Firewalls Worldwide
Hackers collected over 110 million login credentials by targeting security devices used by businesses. This mainly affects workplace systems, not home users.
2 min read