Hacker leaks passwords for 5 lakh Internet-connected devices

Yolanda Curtis
January 23, 2020

According to aZDNet report, the leaked Telnet credentials included usernames, passwords as well as IP addresses from Internet of Things (IoT) home devices, home routers, and servers.

It is unclear how numerous credentials published remain valid, as the lists are all dated between October and November 2019.

According to ZDNet, the list included each device's IP address as well as the username and password for its telnet service, the network protocol used to access and control a device over the internet.

What's more, Telnet is an obsolete remote login protocol that points to the prevalence of preventable security issues undermining the safety of consumer devices.

In order to get hold of these credentials, the hacker scanned the entire internet and looked for devices exposing their telnet ports. One expert told the media site Computing that Telnet "belongs in the museum of hilariously bad security issues".

This hacker has publically leaked all the usernames and passwords so anyone who has the knowledge to use it can use it easily.

ZDNet used IoT search engines like BinaryEdge and Shodan and found that some devices were situated on the networks of known internet service providers (ISPs) (indicating they were either home router or IoT devices), but other devices were found on the networks of major cloud service providers.

It added that the list of leaked credentials of users was posted online by someone who maintained a DDoS-for-hire (DDoS booter) service. A skilled attacker can use the outdated IP addresses to figure-out the service providers and re-inspect the Internet Service Provider's Network to get the updated IP addresses. The new model is based on using high output servers by renting them from cloud service providers. In August 2017, over 33,000 Telnet credentials, including IP address, device username, as well as passwords remained exposed online for more than three months.

Also, it is recommended to use strong passwords, which has a combination of alphabets, numbers, and typical characters.

Other reports by iNewsToday