FortiGate Leak: 50 Indonesian Bodies Under Threat?


TEMPO.CO, Jakarta - The massive leak of network security credentials from Fortinet devices, dubbed "FortiBleed," is reportedly threatening hundreds of organizations across Indonesia. The breach involves the exposure of access data for FortiGate devices, among the firewall and VPN products most widely used by both public and private institutions.

The issue has sparked intense discussion on social media after several cybersecurity researchers and activists revealed the scale of the data exposure. In a post on the Threads platform, the user account klaudichin said that nearly half of all Fortinet devices connected to the internet have been affected by the credential leak.

"Just imagine, almost half of all Fortinet firewalls connected to the internet worldwide have had their credentials leaked to unauthorized individuals. This is not a mere assumption. These are facts verified by researchers," the account stated.

According to the same post, the malicious campaign has been named FortiBleed. The leak is claimed to have impacted roughly 75,000 Fortinet firewalls and VPNs scattered across 194 countries. Additionally, more than 21,000 unique domains are reportedly included in the leaked dataset. The incident is already being labeled as one of the largest perimeter security failures ever recorded.

Critical Infrastructure in the Crosshairs

Alfons Tanujaya, a cybersecurity and digital forensics practitioner from PT Vaksincom, confirmed that the FortiGate credential leak poses a severe threat to organizations relying on the affected devices.

"Almost 50 percent of all FortiGate devices have suffered a credential leak, and this is a very serious threat to institutions using FortiGate," Alfons told Tempo when contacted on Tuesday, June 23, 2026.

According to him, this breach targets FortiGate Firewall and FortiGate SSL-VPN Gateway devices that organizations deploy to secure access to their internal networks. The compromised credentials could be exploited by cybercriminals to gain unauthorized entry into an organization's systems.

"In Indonesia alone, at least 50 FortiGate user institutions have been affected, including iconPLN, Telkom, the Ministry of Manpower, e-commerce platforms, as well as state and private commercial banks," he added.

He further noted that the threat remains active and ongoing as the compromised VPN credentials continue to circulate widely. "If exploited, it means attackers can gain access to the intranet networks of affected institutions, leading to critical data breaches and total system takeovers," Alfons warned.

He assessed that the worst-case scenario for this incident could target vital national infrastructure and public services. Attackers could potentially deploy ransomware, disrupt critical operations, and misuse access to financial and telecommunications infrastructure.

"It is a frightening but very realistic scenario. If critical infrastructure is affected, it could trigger power outages in an entire city, intercept unencrypted internet traffic, or even transfer bank balances," he pointed out.

Cybersecurity Experts Urge Immediate Action

To mitigate these severe risks, Alfons urged all organizations using FortiGate to take immediate corrective measures. The recommended steps include changing all administrator and VPN passwords.

"Don't wait for the check results. Just assume the passwords have already been compromised. Reset all of them, including employee VPN accounts. It is like replacing all the physical locks in a building after learning that duplicate keys are circulating outside," he advised.

Furthermore, organizations are urged to terminate all active VPN sessions, ensure that administrative access pages are blocked from the public internet, upgrade firmware to the latest FortiOS versions 7.2.11, 7.4.8, or 7.6.1 and above, which utilize a more robust password storage system (PBKDF2), and immediately activate two-factor or multi-factor authentication (2FA/MFA).

"Even if a password is leaked, criminals still cannot gain access without verification via a mobile device. It is like adding a fingerprint scanner right next to the keyhole," Alfons concluded.
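The checklist above can be run against a device inventory. The following is an added example, not code from Tempo, Fortinet or the expert quoted: it checks each device against the firmware minimums named in the article, admin-interface exposure, MFA, and whether passwords were reset after a chosen cutoff date. The inventory columns, host names and cutoff date are constructed, and reading the three versions as per-branch minimums is an assumption.

```python
import csv
import io
from datetime import date

# Per-branch minimum FortiOS releases named in the article.
MIN_PATCH = {(7, 2): 11, (7, 4): 8, (7, 6): 1}
NEWEST_BRANCH = max(MIN_PATCH)

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """host,fortios,admin_on_wan,vpn_mfa,last_pw_reset
fw-hq,7.4.8,no,yes,2026-06-24
fw-branch1,7.2.10,yes,no,2026-01-15
fw-dc,7.6.0,no,yes,2026-06-23
fw-lab,7.0.17,no,no,2025-11-02
"""

def firmware_ok(version):
    major, minor, patch = (int(p) for p in version.split("."))
    branch = (major, minor)
    if branch in MIN_PATCH:
        return patch >= MIN_PATCH[branch]
    # Assumption: branches newer than 7.6 count as "and above"; older
    # branches have no release named in the article, so they are flagged.
    return branch > NEWEST_BRANCH

def audit(inventory_csv, reset_cutoff):
    """Return {host: [issues]} for devices that miss any checklist item."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        issues = []
        if not firmware_ok(row["fortios"]):
            issues.append("firmware below stated minimum")
        if row["admin_on_wan"] == "yes":
            issues.append("admin interface reachable from internet")
        if row["vpn_mfa"] != "yes":
            issues.append("MFA not enabled")
        if date.fromisoformat(row["last_pw_reset"]) < reset_cutoff:
            issues.append("passwords not reset since cutoff")
        if issues:
            findings[row["host"]] = issues
    return findings

if __name__ == "__main__":
    # Constructed cutoff date; set it to when your organization learned of the leak.
    for host, issues in audit(SAMPLE, date(2026, 6, 23)).items():
        print(host, "->", "; ".join(issues))
```

Terminating active VPN sessions is a one-time action on each device and is not covered by this inventory check.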
