Hacker released over 500 000 passwords to servers, routers and IoT devices

A hacker has reportedly published a massive list of Telnet credentials for over 500 000 servers, routers and other IoT “smart devices” on a popular hacking forum. The list includes the device’s IP address along with a username and password for the Telnet service which will allow unscrupulous individuals to login to the devices and control them remotely.

The list was compiled by scanning the internet for devices with exposed Telnet ports, and then tried using the default usernames and passwords or popular, simple password combinations. The list can then be used for DDoS attacks, and the publisher of the list reportedly runs a DDoS-for-hire service as well. So perhaps this is his “marketing strategy”?

ZDNet had asked the publisher about the list and he reportedly has upgraded from using IoT botnets (which is what these lists are good for) to renting high-output servers from cloud service providers. The lists are relatively outdated too with the data dated in the range of October to November 2019. Hopefully, the owners of the devices in the list have changed the credentials since then.

Just to be on the safe side, it would be prudent to change your passwords to your router or IoT devices. ZDNet discovered that some devices were located on networks of known ISPs, while others are located on the networks of major cloud service providers.

Featured image: Photo by Franck V. on Unsplash

Pokdepinion: Hm. Some of us do have pretty simple basic passwords. Stay safe guys.