Telnet data leak: Passwords for over 5 lakh IoT devices, home routers posted online
In a massive data leak, Telnet credentials of over five lakh users have been published online on a hacking forum. According to a, the leaked Telnet credentials included usernames, passwords as well as IP addresses from Internet of Things (IoT) home devices, home routers, and servers.
For those unaware, Telnet is a protocol used to control devices remotely. “According to experts to who ZDNet spoke this week, and a statement from the leaker himself, the list was compiled by scanning the entire internet for devices that were exposing their Telnet port,” the report said.
It added that the list of leaked credentials of users was posted online by someone who maintained a DDoS-for-hire (DDoS booter) service. Though the lists contain credentials from October-November 2019 time-frame and there’s a possibility that many of the IP addresses have been changed, a hacker can still potentially take advantage of the leak to update the latest IP addresses by re-scanning the ISP’s network, which poses a threat.
This is not the first time that Telnet credentials of users have been leaked online. In August 2017, over 33,000 Telnet credentials, including IP address, device username, as well as passwords remained exposed online for more than three months. However, the latest Telnet leak seems much bigger and more serious as a lot more credentials have been exposed.