icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
20 Jan, 2020 13:30

Hacker leaks 500k passwords for servers, routers and IoT devices on Dark Web

Hacker leaks 500k passwords for servers, routers and IoT devices on Dark Web

A hacker has dumped a massive list of Telnet credentials and passwords for over 500,000 servers, routers, and so-called smart devices on the Dark Web, exposing the persistent vulnerability of cloud service providers.

The list, published on a popular hacking forum, includes IP addresses, usernames and passwords for the Telnet remote service, which is used on numerous Internet of Things (IoT) devices around the world. 

The hacker in question reportedly trawled the internet for users who were exposing their Telnet ports. They then tried to gain access to these devices using factory default usernames and passwords, as well as custom (but generic) password combinations.

Also on rt.com Doomsday arrives for Windows 7 tech support, leaving users to fend for themselves

The hacker reportedly runs a DDoS-for-hire service, but has now expanded their operation to include renting out hijacked high-output servers from cloud service providers like Telnet. 

This latest incident is the largest known leak of Telnet passwords to date. 

It is unclear how many of the credentials published remain valid, as the lists are all dated between October and November 2019. However, experts warn that, even if IP addresses and passwords have been updated or changed, skilled hackers can still exploit similar vulnerabilities on other devices clustered on the same ISP, due to employee error when configuring the routers or IoT devices.

Think your friends would be interested? Share this story!