The Japanese National Police Agency reported that they were hacked 46 times using a VPN vulnerability.
The Japanese National Police Agency (NPA) reported that they were hacked 46 times between August 2019 and mid-November 2020 using a VPN vulnerability.
According to the NPA, they were breached because IDs and passwords to access the VPN they provide external companies they deal with were allegedly stolen.
Despite the breach, the NPA claimed that no data was leak because contract-related data were systematically deleted after the contract period is over.
“It’s extremely embarrassing that the NPA was successfully attacked when it should have a computer security system that is unbreachable,” said the NPA.
The NPA said they were made aware of the breach after the Metropolitan Police Department informed them about 50,000 VPN devices, including the one used by the NPA, that were posted by hackers on a bulletin board site.
The VPN devices on the list were all manufactured by Fortinet of the United States which the U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported as vulnerable a last year.
CISA has already disclosed that there was a possible password leak in late November but it is unknown if Fortinet or its users have implemented safety procedures.