Over Half Million Telnet Credentials Leaked for IoT Devices, Servers, Routers

The leaked information includes each device’s IP address, as well as a username and password for the remote access protocol that can be used to control devices over the Internet.

2020 is just a few weeks old and has already seen its first major data breach. According to ZDNet, a hacker has released Telnet credentials for more than 515,000 servers, home routers and Internet of Things (IoT) devices.

The leaked information was posted on a popular hacking forum and includes each device’s IP address, as well as a username and password for the Telnet service, a remote access protocol that can be used to control devices over the Internet.

The list was compiled by scanning the entire Internet for devices that were exposing their Telnet port, according to experts who spoke with ZDNet, as well as a statement from the leaker himself. The hacker then tried using factory-set default usernames and passwords, or custom, but easy-to-guess password combinations.

This latest incident highlights the necessity for users to utilize two-factor authentication and resist the urge to use default, recycled or easy-to-guess passwords. Last month, hackers created tools specifically to attack Ring security cameras that utilized those vulnerabilities.

ZDNet says the list was published online by the maintainer of a DDoS-for-hire (DDoS booter) service.

When asked why he published such a massive list of “bots,” the leaker said he upgraded his DDoS service from working on top of IoT botnets to a new model that relies on renting high-output servers from cloud service providers.

All the lists the hacker leaked are dated October-November 2019. Some of these devices might now run on a different IP address, or use different login credentials.

ZDNet did not use any of the username and password combos to access any of the devices, as this would be illegal — hence we are unable to tell home many of these credentials are still valid.

Using IoT search engines like BinaryEdge and Shodan, ZDNet identified devices all over the world. Some devices were located on the networks of known internet service providers (indicating they were either home router or IoT devices), but other devices were located on the networks of major cloud service providers.

As the year goes on, it will be interesting to see how many more incidents like this will occur. Will people finally stop using terrible passwords? Will manufactures start forcing users to change default passwords and enable two-factor authentication?

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author


Steven A. Karantzoulidis is the Web Editor for Security Sales & Integration. He graduated from the University of Massachusetts Amherst with a degree in Communication and has a background in Film, A/V and Social Media.

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.

A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!

Subscribe Today!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters