a misconfigured fortinet server exposed working administrator and vpn credentials for 86,644 internet-facing firewalls across 194 countries — roughly half of all public fortinet devices. no zero-day was involved; weak password hygiene and legacy hash storage were weaponized, meaning the exposure came from operator error at scale rather than a novel flaw.