[DigitalToday reporter Chi-gyu Hwang (황치규)] Tens of thousands of Fortinet firewalls and VPNs were hacked, TechCrunch reported on Tuesday, citing security firms Hudson Rock and SOCRadar.

The report said the attack did not exploit an unknown new vulnerability. It stemmed from companies failing to change firewall passwords or check whether credentials for sensitive internet-exposed systems had already been leaked.

Attackers used automated tools to scan Fortinet firewalls and VPNs exposed to the internet. They then broke in using previously leaked password lists. "Once inside a device, hackers use it as a base for eavesdropping to monitor passing traffic and collect additional credentials," SOCRadar said. "The collected passwords are then fed back into the scanner to compromise more devices."

Hudson Rock said more than 73,000 unique Fortinet URLs were hacked. SOCRadar estimated the number of compromised devices at more than 30,000. Hudson Rock said affected companies included Accenture, Comcast, Foxconn, Lenovo, Oracle, Siemens and PwC.

The countries with the most affected devices were India, the United States, Taiwan and Mexico, but the impact was global, Hudson Rock and SOCRadar said.