Over 500,000 Telnet Credentials are Exposed

Over 500,000 Telnet Credentials are Exposed


Telnet is a communication service protocol that helps a user in controlling a remotely connected device over the TCP/IP network. Recently, the Telnet credentials for more than 515,000 servers, home routers, and IoT devices were exposed by a threat actor. The hacker listed these credentials as “bot list”, which is a common component of an IoT botnet operation and published this list on an online forum. The bot list containing IP addresses and usernames/ passwords of affected devices were exposed. This hack affected devices and people from around the world. Most of these devices were based on reputed cloud service providers, and only a few were based on the home network. It is hard to tell how many of these credentials are still valid.

In order to compile this list, the hacker scanned the entire internet searching for connected devices with exposed Telnet ports. According to the research, there are 2 methods hackers used:

  • Using factory-set default usernames as well as passwords;
  • Attempting easy-to-guess password combinations.

The hacker who exposed the list was previously a maintainer of a DDoS-for-hire service. He claimed that he published the list because he upgraded his DDoS service from working on top of IoT botnets to a new model that relies on renting high-output servers from cloud service providers. The data on the list he leaked was from October 2019 to November 2019. After the credential exposure, these devices are expected to be running on a different IP address or using different login credentials though, the leaked credentials should remain incredibly useful for skilled attackers. The skilled attackers can use the IP addresses disclosed in the bot list to determine the service provider and then re-scan the ISP’s network to update the list with the latest IP addresses as ISP deploys misconfigured devices to their respective customer bases.


A Penetration Test Can Determine and Expose the Weakness within Your Systems

Our Experts strategically attack your internal IT Systems, the same way a malicious hacker would

For more information, on LIFARS Penetration Testing Services, Contact Us Today

Email:contact@lifars.com | Call us at:(212) 222-7061