A large trove of data containing Telnet credentials has been posted by a hacker this week. The credentials belonged to various servers, IoT (Internet of Things) smart devices and home routers. The list covers more than 515,000 devices and includes each device's IP address along with its Telnet user ID and password. According to the records, this is the largest leak of Telnet credentials to date.
For those who aren’t aware, Telnet is a client-server protocol used for communicating with a remote device or server. As stated by the leaker himself, the list of IP addresses and Telnet credentials was created by scanning the internet for devices exposing their Telnet ports. After running the scan, the hacker used factory-set default usernames and passwords. The hacker also claimed that he tried custom but simple passwords.
Usually, hackers create “bot lists” by scanning the internet, then use the list to connect to various devices and install malware. These bot lists are a basic part of IoT botnet operation. Previously, in August 2017, a list containing 33,000 Telnet credentials of home routers was leaked by a hacker.
When asked why he published the list, the hacker said that he had updated his DDoS service to a new model instead of working on IoT botnets. The new model is based on renting high-output servers from cloud service providers.
The entries in the published list are dated October and November, which raises speculation that some of the devices in the list must have changed their passwords and may now be running on different IP addresses.
The credentials will be of no use to basic-level hackers. However, experts have clearly stated that the leaked information can be used efficiently by a skilled hacker. A skilled attacker can use the outdated IP addresses to figure out the service providers and then re-inspect the Internet Service Provider’s network to get the updated IP addresses.