This week, a hacker published a massive list of a data breach of TelNet credentials, more than 515,000 servers, home routers, and IoT (Internet of Things) smart devices. This list was published on a popular hacking forum that includes every device’s IP address and more than 5 lakh user IDs and passwords of TelNet service. According to the records, it is reported to be the largest telnet credentials hack.
According to the experts of ZDNet and a statement from the leaker himself, this TelNet Hacking was done by scanning all the devices which were exposing their telnet port. After executing the hacking, the hacker tried to factory-set the devices to use their default username and password or a custom, but simple-to-remember password combinations.
Typically, to execute this type of hacking, hackers set up a “bot list” by scanning the Internet and then using that bot list to connect to different devices and install malware in them. These bot lists are an important part of an IoT botnet operation. Such lists are kept secret, but in August 2017, a list containing 33,000 Telnet credentials of home routers was leaked by the hacker.
Data Leaked by a DDOS Service Operator
The list was published online by the DDoS booter service.
When asked about the reasons for publishing such a big list, the hacker said that instead of working on the IoT botnet, he upgraded his DDoS service to a new model that relies on renting the new cloud service providers to use the efficiency of its high-output servers.
Most of the data in the published list by the hacker are from October-November 2019, which will not be beneficial for the hacker because many of these devices can now run on a different IP address, or use different login credentials.
However, an IoT expert (who wanted to remain anonymous) has clearly stated that the leaked information can be accessed by a skilled hacker. An expert hacker can use old IP addresses to locate service providers and re-inspect the Internet service provider’s network to obtain updated IP addresses.