A hacker has published online a massive list of Telnet credentials for more than 515,000 servers and smart devices, including home routers. This is the biggest leak of Telnet passwords even reported.
According to ZDNet that first published the news, the list was leaked on a popular hacking forum by the operator of a DDoS booter service.
The list includes the IP address, username and password for the Telnet service for each device.
The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords.
“As ZDNet understands, the list was published online by the maintainer of a DDoS-for-hire (DDoS
“When asked why he published such a massive list of “bots,” the leaker said he upgraded his DDoS service from working on top of IoT botnets to a new model that relies on renting high-output servers from cloud service providers.”
The lists leaked online are dated October-November 2019, let’s hope that Internet Service Providers will contact ZDNet to receive them and check if the devices belong to their network and secure them.
Many IoT devices included in the list have default and well-known credentials (i.e., admin:admin, root:root, or no authentication required).
Top five credentials included in the list were:
The popular researcher Victor Gevers, the founder of the GDI Foundation, analyzed the list and confirmed it was composed of more than 8200 unique IP addresses, about 2.174 are accessible via Telnet with the leaked credentials.
(SecurityAffairs – Telnet credentials, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.