A hacker has published a list of Telnet credentials for more than 515,000 servers, home routers and IoT (Internet of Things) devices on a popular hacking forum.
According to ZDNet, the list had been leaked online via a DDoS (Distributed Denial of Service) provider who had decided to upgrade his service from using IoT botnets to renting high-output servers from cloud service providers.
The list had been compiled by scanning the internet for devices that were exposing their Telnet port. Subsequently, the hacker tried using easy-to-guess passwords, or factory-set default usernames and passwords.
ZDNet explained that these types of lists are common, with many hackers building bot lists in order to use them to connect to the devices and install malware.
The lists contain credentials dating from October-November 2019, so it is likely that some of these devices are now running on a different IP address or using different login credentials.
“An IoT security expert (who wanted to remain anonymous) told ZDNet that even if some entries on the list are not valid anymore because devices might have changed their IP address or passwords, the lists remain incredibly useful for a skilled attacker,” explained ZDNet.
“Misconfigured devices are not evenly spread out across the internet, but they’re usually clustered on the network of one single ISP due to the ISP’s staff misconfiguring the devices when deploying them to their respective customer bases. An attacker could use the IP addresses included in the lists, determine the service provider, and then re-scan the ISP’s network to update the list with the latest IP addresses.”