Hacker leaks 500k passwords for servers, routers and IoT devices on Dark Web


A hacker has dumped a massive list of Telnet credentials and passwords for over 500,000 servers, routers, and so-called smart devices on the Dark Web, exposing the persistent vulnerability of cloud service providers.

The list, published on a popular hacking forum, includes IP addresses, usernames and passwords for the Telnet remote service, which is used on numerous Internet of Things (IoT) devices around the world. 

The hacker in question reportedly trawled the internet for users who were exposing their Telnet ports. They then tried to gain access to these devices using factory default usernames and passwords, as well as custom (but generic) password combinations.

The hacker reportedly runs a DDoS-for-hire service, but has now expanded their operation to include renting out hijacked high-output servers from cloud service providers like Telnet. 

This latest incident is the largest known leak of Telnet passwords to date. 

It is unclear how many of the credentials published remain valid, as the lists are all dated between October and November 2019. However, experts warn that, even if IP addresses and passwords have been updated or changed, skilled hackers can still exploit similar vulnerabilities on other devices clustered on the same ISP, due to employee error when configuring the routers or IoT devices.