Block These Recently Leaked VPN Passwords to Prevent Ransomware Attacks [new data]

Worried about ransomware attacks? Recent attack news indicates you should be looking to secure your VPN connections. Last week, we learned that thousands of Fortinet VPN passwords had been leaked on the dark web by a former ransomware operator. The Specops research team obtained the leaked data and is sharing the results of their analysis. This analysis coincides with the latest update to the Specops Breached Password Protection service.

According to our team’s research, which analyzed the almost 175,000 passwords included in the leak, a lot of the most common passwords used for these VPN connections were weak. “Temporal2020” was found over 835 times in the dataset while “password” was found over 1522 times as a base word used in longer passwords.

Top 10 VPN Passwords

  1. Temporal2020 
  2. 123456 
  3. asdf123 
  4. Juzgado2020 
  5. pass@123 
  6. Password1 
  7. macaw777 
  8. P@ssw0rd 
  9. U-SG-SSL-General_User 
  10. 12345678 

Top 10 Base Words Used in Fortinet VPN Passwords

  1. password 
  2. temporal 
  3. juzgado 
  4. pass 
  5. welcome 
  6. p@ssw0rd 
  7. promesa 
  8. v3nt 
  9. asdf
  10. test 

The Fortinet leak comes just a few months after the Colonial Pipeline ransomware attack which was the result of a compromised VPN password.

In addition to the leaked VPN passwords, Specops updated the Specops Breached Password Protection with an additional 2 million passwords, likely to be used in network attacks. The additions come from 3rd party research as well as the Specops team’s internal attack monitoring systems that are set to capture passwords being used in spray attacks right now.

“This leak is unfortunate but not completely surprising. We know that ransomware attacks are continuing to rise and that the VPN password is a popular path in to then deploy ransomware,” said Product Specialist Darren James. “We saw it with the Colonial Pipeline attack, and now we see it here with this VPN leak. VPN passwords are still vulnerable and this data shows that people are still not choosing strong passwords. Even when preventing ransomware, organizations need to remember the security basics – enforce strong passwords checked against a breached list.”

Curious if you have any of these passwords in use in your organization’s Active Directory? You can find out how many of your Active Directory users are using compromised passwords like these by running a free, read-only scan with Specops Password Auditor. Read more and download it here.

With Specops Password Policy and Breached Password Protection, companies can block over 4 billion compromised passwords (including the ones from this Fortinet leak) in Active Directory. These compromised passwords include ones used in real attacks today or are on known breached password lists, making it easy to comply with industry regulations such as NIST or NCSC. Our research team’s attack monitoring data collection systems update the service daily and ensure networks are protected from real world password attacks happening right now. The Breached Password Protection service blocks these banned passwords in Active Directory with customizable end-user messaging that helps reduce calls to the service desk.

About Specops Software

Specops Software is the leading provider of password management and authentication solutions. Specops protects your business data by blocking weak passwords and securing user authentication. With a complete portfolio of solutions natively integrated with Active Directory, Specops ensures sensitive data is stored on-premises and in your control. Every day thousands of organizations use Specops Software to protect business data.

Media Contact

Media contact details can be found on this page.

(Last updated on November 5, 2024)

Back to Blog

Related Articles

  • Why is a leaked password list so important?

    Many of the major breaches come down to one simple (and overlooked) factor: the password. With password reuse, it only takes one compromised password to lead to a company breach.

    Read More
  • “Biggest leak of its kind” added to Specops Breached Password Protection

    STOCKHOLM – Today, Specops Software announced the addition of the latest HaveIBeenPwned (HIBP) password list update, v7, to its Breached Password Protection database. Over 226 million passwords from over 23,000 hacked databases are in HIBP v7, a collection of databases attributed to the now defunct data breach index site, Cit0Day. “This Cit0Day password set really…

    Read More
  • Identify and remove leaked passwords

    Stockholm, June 25, 2019 – Specops Software announced today a new release of Specops Password Policy. The solution’s downloadable leaked password list with close to one billion passwords, now supports leaked password scanning. The solution enables you to detect accounts using leaked passwords, and enforce a password change. Blocking leaked passwords is an important password…

    Read More