The vulnerability announcement and a patch came out in August of 2019 for the Pulse Secure VPN servers, but 677 of the 913 total servers are still vulnerable according to Bad Packets threat intelligence firm. Any company that uses Pulse Secure VPN should ensure that they have applied the patch to the servers, but also change the passwords for all users. The passwords must be changed, especially now after the data has been released. Many of the users’ passwords that were revealed in the breach files are not complex and could be guessed. It is important to educate users about picking strong passwords and to implement Multi-Factor Authentication (MFA) for remote access accounts. This information is widely available and is almost guaranteed to be used by ransomware criminal groups and by multiple APT groups. Ransomware operators and APTs use access to VPNs to steal data from companies since employees typically use these types of VPNs to access sensitive data on internal corporate networks. The original post was on a forum that is trafficked by many ransomware groups. This information can also be used by them to target the companies.

More can be read here: https://www.zdnet.com/article/hacker-leaks-passwords-for-900-enterprise-vpn-servers/