1.21.20 – SSI – Steve Karantzoulidis
2020 is just a few weeks old and has already seen its first major data breach. According to ZDNet, a hacker has released Telnet credentials for more than 515,000 servers, home routers and Internet of Things (IoT) devices.
The leaked information was posted on a popular hacking forum and includes each device’s IP address, as well as a username and password for the Telnet service, a remote access protocol that can be used to control devices over the Internet.
The list was compiled by scanning the entire Internet for devices that were exposing their Telnet port, according to experts who spoke with ZDNet, as well as a statement from the leaker himself. The hacker then tried logging in with factory-set default usernames and passwords, or with custom but easy-to-guess password combinations.
This latest incident highlights the necessity for users to enable two-factor authentication and resist the urge to use default, recycled or easy-to-guess passwords. Last month, hackers created tools specifically to attack Ring security cameras by exploiting exactly those weaknesses.
ZDNet says the list was published online by the maintainer of a DDoS-for-hire (DDoS booter) service.
When asked why he published such a massive list of “bots,” the leaker said he upgraded his DDoS service from working on top of IoT botnets to a new model that relies on renting high-output servers from cloud service providers.
All the lists the hacker leaked are dated October-November 2019. Some of these devices might now run on a different IP address, or use different login credentials.
ZDNet did not use any of the username and password combos to access any of the devices, as this would be illegal — hence we are unable to tell how many of these credentials are still valid.
Using IoT search engines like BinaryEdge and Shodan, ZDNet identified devices all over the world. Some devices were located on the networks of known internet service providers (indicating they were either home routers or IoT devices), but other devices were located on the networks of major cloud service providers.
As the year goes on, it will be interesting to see how many more incidents like this will occur. Will people finally stop using terrible passwords? Will manufacturers start forcing users to change default passwords and enable two-factor authentication?