Over 500,000 Credentials for Telnet Exposed IoT Devices and Servers Leaked Online
A hacker has published on a forum a trove of over 515,000 Telnet credentials, including user names and passwords, for Internet of Things (IoT) devices, servers, and various routers, potentially giving an attacker complete control.
Telnet credentials are usually employed when users need to configure various devices, and it’s easy to see why revealing them would instantly make all endpoints vulnerable, whether it’s a server or an IoT device.
Telnet communicates over port 23 and, in combination with the correct IP address, the credentials would let other users easily connect to those endpoints.
According to a ZDNet report, the data was gathered by scanning the Internet for available Telnet ports and trying commonly used user names and passwords. When a device is configured over Telnet, the procedure calls for turning off the port once the configuration is finished. Worse yet, some devices, servers, and routers have the port exposed all the time.
The individual who published the data is the maintainer of a DDoS Booter, an online service people can rent. It’s not exactly legal, so the source is not the most trustworthy. It’s worth keeping in mind that such lists usually stay hidden as multiple hackers use the exposed endpoints at any given time. It’s unlikely that all of these devices were exploited by just one DDoS service.
Since the lists date from October and November 2019, many of the IPs are no longer valid, but with 550,000 different endpoints on the leaked list, some of them are bound to still work.
Auditing your network and devices is the only course of action for regular users and companies. If you don’t want your devices used in DDoS attacks, make sure that the Telnet ports are not exposed online and that you use robust user names and passwords.
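As an added example (not part of the original article), here is one way to run the audit described above against devices you administer: it checks whether TCP port 23 accepts connections and whether the service answers with Telnet option negotiation. The function names and the inventory addresses are assumptions made for illustration; the addresses are constructed placeholders from the documentation range.

```python
import socket

IAC = 0xFF  # Telnet "Interpret As Command" byte (RFC 854)

# Constructed placeholder inventory: replace with (host, port) pairs you own.
INVENTORY = [("192.0.2.10", 23), ("192.0.2.11", 23)]


def check_telnet(host, port=23, timeout=3.0):
    """Classify one endpoint as 'closed', 'open' or 'telnet'.

    'closed' - nothing accepted the connection (refused, filtered, timed out)
    'open'   - the port accepts connections but sent no Telnet negotiation
    'telnet' - the first bytes contain IAC, so a Telnet daemon is answering
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                first = conn.recv(64)  # Telnet servers usually speak first
            except OSError:
                first = b""  # connected, but silent or reset
    except OSError:
        return "closed"
    return "telnet" if IAC in first else "open"


def audit(targets, timeout=3.0):
    """Return {(host, port): status} for every endpoint that is not closed."""
    findings = {}
    for host, port in targets:
        status = check_telnet(host, port, timeout)
        if status != "closed":
            findings[(host, port)] = status
    return findings


if __name__ == "__main__":
    exposed = audit(INVENTORY)
    for (host, port), status in sorted(exposed.items()):
        print(f"{host}:{port} is reachable ({status}); disable Telnet or firewall it")
    if not exposed:
        print("No reachable Telnet ports found in the inventory")
```

Run it from outside your network perimeter as well as inside, since a port that is only filtered at the edge will look closed from the Internet but open from the LAN.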