Enterprise VPN credentials leaked on hacker forum

News
By published

Usernames, passwords and IP addresses for 900 Pulse Secure VPN servers have been leaked online

Someone using a VPN on a PC.
Image credit: Shutterstock (Image credit: Shutterstock)

A list containing plaintext usernames and passwords along with IP addresses for over 900 VPN servers belonging to Pulse Secure VPN has been published online as well as shared on a hacker forum used by cybercriminals.

As reported by ZDNet who broke the story, the list's authenticity has been verified by multiple sources in the cybersecurity community and includes IP addresses of Pulse Secure VPN servers, Pulse Secure VPN server firmware versions, SSH keys for all 900 servers, usernames and cleartext passwords, admin account details, VPN session cookies and more.

The threat intelligence firm Bank Security first discovered the list online and then shared it with the news outlet. One of the company's security researchers noted that all of the VPN servers included in the list were running an older firmware version which is vulnerable to an authentication by-pass vulnerability tracked as CVE-2019-11510.

Researchers at Bank Security believe the hacker scanned all of the IPv4 addresses on the internet looking for Pulse Secure VPN servers and then exploited the vulnerability to gain access to the company's systems and server details. This information was then collected in a central repository and based on timestamps in the list, the  usernames, passwords and server details appear to have been collected between June 24 and July 8.

Pulse Secure VPN data dump

The threat intelligence company Bad Packets has been scanning the web for vulnerable Pulse Secure VPN servers since August of last year when the CVE-2019-11510 vulnerability was made public. ZDNet reached out to the firm regarding the list and its co-founder and chief research officer Troy Mursch provided further insight on the matter, saying:

"Of the 913 unique IP addresses found in that dump, 677 were detected by Bad Packets CTI scans to be vulnerable to CVE-2019-11510 when the exploit was made public last year."

Based on the list, it appears as if 677 companies failed to patch their VPN software since the vulnerability was made public. Now however, patching won't be enough as vulnerable organizations will also have to change their usernames and passwords to avoid falling victim to any potential attacks.

Businesses that use Pulse Secure VPN should patch their systems and update their credentials immediately as the list was also shared on a hacker forum frequented by multiple ransomware operators including the cybercriminals behind Sodinokibi and Lockbit. This means that the login details of many Pulse Secure VPN customers are not only available online but are most likely already in the hands of cybercriminals who will use this leaked data to their advantage.

  • Also check out our complete list of the best VPN services

Via ZDNet

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in VPN Privacy & Security
Demonstrators protesting against the arrest of the Mayor of Istanbul Ekrem Imamoglu block Atatürk Boulevard on March 22, 2025 in Ankara, Türkiye.
Turkey's social media ban has been lifted, but VPN usage is still high
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
Digital hand set location on map with two pins. AI technology in GPs, innovation delivery, map location, future transport logistic, route path concept. GPs point. New office location, change address
What does your IP address reveal about you?
A stethoscope next to a laptop on a pink background
How to check if your VPN is working
Teenager playing on a gaming PC with two monitors
Is using a VPN while gaming cheating? 5 myths you shouldn't believe about gaming with a VPN
Neon blue email symbols on a black background
Why am I suddenly getting so many spam emails?
Latest in News
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
More about vpn privacy security
Demonstrators protesting against the arrest of the Mayor of Istanbul Ekrem Imamoglu block Atatürk Boulevard on March 22, 2025 in Ankara, Türkiye.

Turkey's social media ban has been lifted, but VPN usage is still high
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background

A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
HDD

Seagate teams with Nvidia to build an NVMe hard drive proof of concept, more than 3 years after its last effort
See more latest
Most Popular
HDD
Seagate teams with Nvidia to build an NVMe hard drive proof of concept, more than 3 years after its last effort
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Sony WF-C710N in blue glass on beige background
Sony WF-C710 earbuds land, and I think they'll be the 2025 budget buds to beat
The RIG M2 Streamstar attached to a boom arm.
The RIG M2 Streamstar has the world's first Bluetooth audio gateway in a wired gaming microphone