Security News > 2020 > April > Linksys forces password reset for Smart Wi-Fi accounts after router DNS hack pointed users at COVID-19 malware
Router biz Linksys has reset all its customers' Smart Wi-Fi account passwords after cybercrims accessed a bunch and redirected hapless users to COVID-19 themed malware.
Hackers with access to Linksys Smart Wi-Fi accounts were changing home routers' DNS server settings.
Jen Wei Warren, Linksys parent firm Belkin's global PR veep, told The Register that the original illicit access to customer routers through their cloud-hosted Smart Wi-Fi accounts was a successful credential-stuffing attempt using login details harvested from previous breaches elsewhere.
It said: "All Linksys Smart Wi-Fi accounts were locked at 8:00 pm PDT on April 2 because someone was logging in with email address and password combinations stolen from other websites."
We enforced a password change for all our Linksys Smart Wi-Fi Customers due to the recent COVID19 hacking.
News URL
Related news
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- MikroTik botnet uses misconfigured SPF DNS records to spread malware (source)
- Juniper enterprise routers backdoored via “magic packet” malware (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication (source)
- Juniper patches critical auth bypass in Session Smart routers (source)