Fortinet Strikes Again: What Small Businesses Need to Know About the Latest Credential Leak

If you felt a disturbance in the cybersecurity force recently, you weren’t imagining it. Fortinet is back in the headlines again, and this time it’s because tens of thousands of VPN credentials have been leaked online. Yes, leaked. As in publicly available. As in “please change your password before someone else logs in before you do.”

For small businesses that rely on Fortinet firewalls and VPNs, this isn’t just another tech news story. It’s a real security event with real implications. And while it’s tempting to roll your eyes and mutter something unprintable about vendors, this is one of those moments where taking action quickly actually matters.

Let’s break down what happened, how to check if your company is affected, and what steps you should take right now to protect your business.

What Actually Happened

A threat actor dumped a massive collection of Fortinet VPN credentials online. We’re talking usernames, passwords, and device details for more than 70,000 Fortinet devices. These credentials weren’t scraped from phishing emails or stolen from end users. They were extracted directly from vulnerable Fortinet systems.

In plain English: if your Fortinet firewall was exposed and unpatched, there’s a chance your VPN credentials were quietly harvested and are now circulating in places you don’t want your company mentioned.

This isn’t a theoretical risk. These credentials can be used to log directly into your network. No malware required. No phishing needed. Just a username and password that someone else now has.

How to Check if Your Business Is Exposed

Fortunately, you don’t need to be a cybersecurity researcher to figure out whether your company is on the list. Hudson Rock has created a lookup tool that lets you check whether your Fortinet device is part of the leaked dataset.

Here’s how to check:

  1. Visit the Hudson Rock Fortinet exposure checker - https://www.hudsonrock.com/fortinet

  2. Enter your company email domain

  3. Review the results to see if any of your Fortinet VPN credentials appear in the leak

  4. If you see your domain listed, assume those credentials are compromised and act immediately

This is one of the rare times where “better safe than sorry” isn’t just a saying. It’s a strategy.

What Small Businesses Should Do Next

Even if your company doesn’t appear in the leaked dataset, this is a perfect moment to tighten up your security basics. If you do appear in the dataset, these steps aren’t optional. They’re urgent.

1. Rotate All VPN Passwords

Not just the ones you think might be affected. All of them. If a password was exposed, it’s already too late to “monitor for suspicious activity.” Change it.

2. Enforce MFA for Every User

If you don’t have MFA enabled on your VPN, this is the time to fix that. MFA turns a stolen password into a useless password. It’s one of the simplest, highest-impact security controls available to small businesses.

3. Patch Your Fortinet Devices

Make sure your Fortinet firewalls and VPN appliances are fully updated. Many of the leaked credentials were harvested from devices that were missing critical patches.

4. Review VPN Access Logs

Look for unusual login times, unfamiliar IP addresses, or repeated failed login attempts. If someone has been poking around, you want to know.
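The three things to look for in step 4 (odd hours, unfamiliar source addresses, repeated failures) are easy to check by hand on a quiet day and easy to miss in a week of logs. The script below is an added example, not part of the original post and not a Fortinet tool: it parses a few constructed key=value log lines whose field names (date, time, action, user, remip) are assumptions loosely modelled on VPN event logs, and flags exactly those three patterns. The allow-listed address prefixes and the business-hours window are also constructed placeholders you would replace with your own.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in a key=value style loosely modelled on SSL-VPN
# event logs. The field names (date, time, action, user, remip) and the
# action values are assumptions made for this example, not a vendor format.
SAMPLE_LOGS = """\
date=2025-01-14 time=09:02:11 action="tunnel-up" user="jdoe" remip=198.51.100.20
date=2025-01-14 time=02:10:01 action="ssl-login-fail" user="admin" remip=203.0.113.45
date=2025-01-14 time=02:10:05 action="ssl-login-fail" user="admin" remip=203.0.113.45
date=2025-01-14 time=02:10:09 action="ssl-login-fail" user="admin" remip=203.0.113.45
date=2025-01-14 time=02:14:03 action="tunnel-up" user="jdoe" remip=203.0.113.45
date=2025-01-14 time=11:30:00 action="tunnel-up" user="msmith" remip=192.0.2.77
date=2025-01-14 time=11:31:00 action="ssl-login-fail" user="msmith" remip=192.0.2.77
"""

# Constructed allow-list of address prefixes the business expects VPN logins
# from (office egress, known staff ISP ranges). Replace with your own.
KNOWN_PREFIXES = ("198.51.100.", "192.0.2.")

# Matches key=value pairs where the value is either quoted or a bare token.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping quotes from values
    and combining the date and time fields into a datetime."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    fields["timestamp"] = datetime.strptime(
        f"{fields['date']} {fields['time']}", "%Y-%m-%d %H:%M:%S"
    )
    return fields


def review_vpn_logs(raw_logs, known_prefixes=KNOWN_PREFIXES,
                    business_hours=(7, 19), fail_threshold=3):
    """Flag repeated failed logins, successful logins from unfamiliar
    addresses, and successful logins outside business hours."""
    events = [parse_line(l) for l in raw_logs.splitlines() if l.strip()]
    failures = Counter()      # (user, ip) -> number of failed attempts
    unfamiliar_ips = []       # successful logins from non-allow-listed IPs
    off_hours = []            # successful logins outside business hours
    start, end = business_hours

    for ev in events:
        user, ip, when = ev.get("user"), ev.get("remip", ""), ev["timestamp"]
        if ev.get("action") == "ssl-login-fail":
            failures[(user, ip)] += 1
        elif ev.get("action") == "tunnel-up":
            stamp = when.isoformat(sep=" ")
            if not ip.startswith(known_prefixes):
                unfamiliar_ips.append((user, ip, stamp))
            if not (start <= when.hour < end):
                off_hours.append((user, ip, stamp))

    # Only report (user, ip) pairs that crossed the failure threshold.
    bursts = {key: n for key, n in failures.items() if n >= fail_threshold}
    return {
        "failed_login_bursts": bursts,
        "unfamiliar_ips": unfamiliar_ips,
        "off_hours_logins": off_hours,
    }


if __name__ == "__main__":
    for category, items in review_vpn_logs(SAMPLE_LOGS).items():
        print(f"{category}: {items}")
```

On the sample data the same address accounts for a burst of failed "admin" attempts at 2 a.m. followed a few minutes later by a successful login as a different user from outside the allow-listed ranges; that combination is the kind of thing worth treating as a compromised credential rather than a curiosity. A single failed login during the day from a known range is left alone, which keeps the report short enough that someone actually reads it.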

5. Limit Who Actually Needs VPN Access

Small businesses often give VPN access to more people than necessary. Now is a great time to clean up that list.

6. Consider a Security Review

If your business doesn’t have internal security expertise, this is the kind of event that justifies bringing in outside help. A quick assessment can reveal hidden vulnerabilities you didn’t know you had.

Why This Matters for Small Businesses

Large enterprises have security teams, monitoring tools, and dedicated staff who live and breathe this stuff. Small businesses don’t. That’s why credential leaks like this hit small organizations harder. A single compromised VPN login can lead to ransomware, data theft, financial fraud, or weeks of downtime.

The good news is that small businesses can dramatically reduce their risk with a few practical steps. Password rotation. MFA. Patching. Access reviews. These aren’t expensive or complicated, but they make a huge difference.

Need Help Navigating This?

If you’re not sure whether your business is exposed, or you want help tightening up your security posture, this is exactly what Actionable Security’s advisory services are built for. Our vCISO program gives small businesses access to experienced security leadership without the enterprise-level price tag.

Learn more at: https://actionablesec.com/vciso

#FortinetAgain #RotateYourPasswords #MFAIsYourFriend #SmallBusinessSecurity
