Security News > 2020 > January > Hacker Leaks More Than 500K Telnet Credentials for IoT Devices
Bad actor obtained passwords for servers, home routers, and smart devices by scanning internet for devices open to the Telnet port.
A hacker has published a list of credentials for more than 515,000 servers, home routers and other Internet of Things devices online on a popular hacking forum in what's being touted as the biggest leak of Telnet passwords to date, according to a published report.
The leak-revealed in a report on ZDNet-demonstrates once again the inherent insecurity of the Telnet protocol as well as highlights persistent security flaws that could affect business networks as more and more so-called "Smart" devices connect to the internet from home networks.
The hacker compiled the list-which includes each device's IP address, as well as a username and password for Telnet-by scanning the entire internet for devices that were exposing their Telnet port, according to the report.
The one spot of good news for those owning devices on the list is that all the credentials leaked by the hacker are dated October to November 2019, which means some of the devices might now use different login credentials or run on different IP addresses, according to the report.
News URL
https://threatpost.com/hacker-leaks-more-than-500k-telnet-credentials-for-iot-devices/152015/
Related news
- Point of entry: Why hackers target stolen credentials for initial access (source)
- Hackers leak 2.7 billion data records with Social Security numbers (source)
- Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web (source)
- Hackers inject malicious JS in Cisco store to steal credit cards, credentials (source)
- Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms (source)
- Dell investigates data breach claims after hacker leaks employee info (source)
- Iranian hackers charged for ‘hack-and-leak’ plot to influence election (source)