Spenser Jones

Hacker leaks more than 500k IoT telnet credentials

A hacker has recently published a list of over 515,000 telnet credentials for IoT devices. Telnet is one of the original remote terminal protocols, originating in 1969, and has waned in usage significantly in favour of SSH due to the numerous security concerns and limitations it has. Most modern systems do not make it easy to set up a telnet server, however a variety of IoT devices appear to have it installed and publicly exposed. Worse yet, many of these systems are using weak or default username and password combinations.

The list of credentials, including target IP addresses, was published by a hacker that runs a DDoS-for-hire (DDoS booter) service, and had recently upgraded his botnet from relying on commandeered IoT devices to high-output servers from cloud service providers.

Additional Reading