A hacker posted a trove of Telnet credentials for more than 515,000 servers, IoT devices and routers on a hacking forum.
The leaked lists, dated October and November of last year, were published by someone who runs a DDoS-for-hire service and include usernames, passwords and IP addresses, according to a report by ZDNet. The hacker, the report said, scanned the internet to find devices with exposed Telnet ports then ran factory-set credentials and as well as custom password combinations to build bot lists that let hackers access the devices and install malware.
Noting that many of devices likely had been compromised months or
years ago, Ekaterina Khrustaleva, COO of ImmuniWeb,
said, “It’s likely all these devices have been present on many blacklists for
a while already.”
While the current Telnet leak is “a colorful reminder about the
skyrocketing number of unprotected IoT and network devices that in a few years
may become the main substance for DDoS botnets difficult to shut down.” Khrustaleva said, “a comprehensive
inventory of the devices, maintenance of firmware and restrictions around
connecting from the Internet are the very fundamental precautions for all users
who don’t want to give away their device to the attackers.”
She said she wouldn’t “assign much importance to this particular
incident,” explain that on “the dark web, it’s fairly easy to acquire larger,
and otherwise better lists of compromised and backdoored devices that are
poised to remain under the buyer’s control for a while.”