Massive Theft of Business Security Credentials Affects Companies in 200 Countries

Cybercriminals have successfully compiled a list of working usernames and passwords for more than 30,000 Fortinet security devices that protect business networks across nearly 200 countries. These devices act as digital gatekeepers for companies, controlling who can access internal systems, employee records, and sensitive business information. The attackers are actively targeting organizations in various industries, and they now have verified credentials that actually work to break into these protected systems.

This breach affects employees at companies and organizations that use Fortinet devices for network security. If you work for a company that allows remote access or has employees who work from home, your employer likely uses security devices like these.

When hackers gain access to these systems, they can potentially view employee personal information, payroll records, health insurance details, and customer data. Your home address, Social Security number, bank account information for direct deposit, and other sensitive employment records could be at risk. Take action right now to protect yourself:

1. Contact your employer's IT or human resources department immediately to ask if your company uses Fortinet security systems and whether they have been compromised.
2. Change your work-related passwords, especially for VPN access, email, and any systems you use to access company resources remotely.
3. Monitor your bank accounts and credit reports closely for any unusual activity, since hackers with access to company systems may have viewed your direct deposit and tax information.
4. Be extremely cautious about any emails claiming to be from your IT department asking for passwords or personal information, as attackers often use stolen access to launch follow-up scams against employees. Protect yourself long-term by treating your work accounts with the same security mindset you use for banking. Never share work passwords with anyone, including family members. Use different passwords for work and personal accounts. If your company offers security training, take it seriously. Ask your employer what steps they are taking to protect employee data and what you should do if you suspect a breach. Consider freezing your credit if you work for an organization that may have been affected, as this prevents criminals from opening new accounts in your name even if they have your personal information.