Bot list with Telnet credentials for more than 500,000 servers and IoT devices leaked online

Pierluigi Paganini January 19, 2020

The availability online of a new collection of Telnet credentials for more than 500,000 servers, routers, and IoT devices made the headlines.

A hacker has published online a massive list of Telnet credentials for more than 515,000 servers and smart devices, including home routers. This is the biggest leak of Telnet passwords even reported.

According to ZDNet that first published the news, the list was leaked on a popular hacking forum by the operator of a DDoS booter service.

The list includes the IP address, username and password for the Telnet service for each device.

The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords.

“As ZDNet understands, the list was published online by the maintainer of a DDoS-for-hire (DDoS booter) service.” reported ZDNet.

“When asked why he published such a massive list of “bots,” the leaker said he upgraded his DDoS service from working on top of IoT botnets to a new model that relies on renting high-output servers from cloud service providers.”

The lists leaked online are dated October-November 2019, let’s hope that Internet Service Providers will contact ZDNet to receive them and check if the devices belong to their network and secure them.

In August 2017, security researchers Ankit Anubhav found a list of more than 1,700 valid Telnet credentials for IoT devices online

The list of thousands of fully working Telnet credentials was leaked online on Pastebin since June 11, 2017.

Many IoT devices included in the list have default and well-known credentials (i.e., admin:admin, root:root, or no authentication required).

Top five credentials included in the list were:

  • root:[blank]—782
  • admin:admin—634
  • root:root—320
  • admin:default—21
  • default:[blank]—18

The popular researcher Victor Gevers, the founder of the GDI Foundation, analyzed the list and confirmed it was composed of more than 8200 unique IP addresses, about 2.174 are accessible via Telnet with the leaked credentials.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Telnet credentials, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment