20 January 2020

A massive list of Telnet credentials for over half a million servers and smart devices published online



A list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices has been published this week on a popular hacking forum. This marks the biggest leak of Telnet passwords up to now.

According to ZDNet, which first broke the news, the so-called ‘bot lists’ include the IP address, username and password for the Telnet service for each device. The list appears to be the result of an Internet scan for devices using default credentials or easy-to-guess passwords. As for the source of the leak, it appears that the list was shared online by the maintainer of a DDoS-for-hire (DDoS booter) service.

In conversation with ZDNet, the hacker explained that he “upgraded his DDoS service from working on top of IoT botnets to a new model that relies on renting high-output servers from cloud service providers”. All the lists the hacker published are dated October-November 2019.

According to BinaryEdge and Shodan search results, the devices included in the lists are located all over the world. Some of them are on the networks of known internet service providers, while many are on the networks of major cloud service providers.
