Article mentions the passwords were hashed with sha256 plus a salt. For a long password more than say 12 characters this would take a very long time to brute force. My guess is a lot of these were dictionary attacks ?

>The data comprises of roughly 50% of all Fortinet firewall devices facing the internet, based on polling from Shodan.

Jesus wept. When will companies stop using garbage products like this?

The company isn't known in the security industry as Faultygate for nothing. Even in a industry known for its crappy products, Faultygate still manages to stand out.

Narrator: They won't

Next year it will be come other company

And the year after that yet another, and so the cycle continues.