
Massive Password Theft Campaign Targets Business Security Systems
Criminals stole credentials from Fortinet security systems to prepare for ransomware attacks. If your workplace uses Fortinet, discuss security updates with your IT team.
Source
BleepingComputer
Original headline: FortiBleed credential-theft campaign linked to Lynx ransomware
Plain-English summary by GetCyberRight. Read the full report at the source above.
Security researchers have linked a large-scale password theft campaign called FortiBleed to ransomware groups named INC and Lynx. The criminals targeted Fortinet security systems used by businesses to steal login credentials. These stolen passwords are being used to break into company networks and launch ransomware attacks that lock up files and demand payment.
This primarily affects businesses and organizations that use Fortinet security equipment. However, if you work for a company that uses these systems, a breach could expose your work email, employee records, payroll information, and other sensitive data.
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
Ransomware attacks can also shut down operations, affecting your ability to work and potentially delaying paychecks. If your employer gets hit with ransomware, your personal information in their HR systems may be compromised.
- Alert your IT department or manager about this threat if they have not already addressed it.
- Change your work password immediately and make sure it is different from your personal passwords.
- Enable multi-factor authentication on all work accounts if available.
- Be suspicious of any unusual requests to download files or click links in work emails.
- Back up any important work files you are allowed to save locally. Protect yourself from workplace breaches by keeping work and personal accounts completely separate. Never use your work email for personal shopping or social media. Use different passwords for work and home. If your company experiences a ransomware attack or data breach, assume your work information is compromised. Change passwords, watch for identity theft, and consider placing a fraud alert on your credit report. Ask your HR department what information about you might have been exposed.
Curated from trusted cybersecurity sources by GetCyberRight
Source: BleepingComputerStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles

Major Security Flaw Exposed 75,000 Business Firewalls. Here's Why It Matters to You
A security flaw called FortiBleed left 75,000 firewalls vulnerable. If your employer, school, or service provider uses Fortinet, your data may be at risk.
2 min read
Major Security Flaw Left 75,000 Business Firewalls Wide Open
A security problem called FortiBleed exposed business networks for years. If your workplace uses Fortinet systems, ask IT about updates.
2 min read
If Your Business Uses Fortinet Security Software, Take Action Now
Criminals stole login credentials from Fortinet security systems and are using them to break into business networks and install ransomware.
2 min read
Kubota Tractor Company Had Hackers in Its Systems for Over a Month
Kubota North America revealed hackers accessed its network systems for more than 30 days. Customer information may have been exposed during this time.
2 min read