Telnet Credentials: Over Fifty Thousand Data Leaked On Dark Web


Researchers have discovered that hackers obtained and leaked a list of over 515,000 Telnet credentials for servers, Internet of Things (IoT) devices and routers on a popular hacking forum. The discovery is in line with predictions from a number of cybersecurity experts that data leaks in 2020 would be no fewer than the many cases recorded in the previous year.

The uploaded list includes the usernames and passwords of Telnet services as well as the IP addresses of the affected devices. The attackers gained access to the affected devices by using the manufacturer’s default password or by correctly guessing the credentials.

Hackers who get hold of the leaked Telnet credentials can remotely control the affected devices from the comfort of their homes. Telnet users therefore need to change their passwords from the manufacturer’s default to a more secure password. It is worth noting that hackers are always using different means to get access to Telnet devices. An IoT security expert revealed that even if entries on the list become invalid after the passwords and IP addresses are changed, experienced attackers can still use the list effectively.

The attackers scanned the entire internet to compile a list of devices that exposed their Telnet port and used either factory-set default credentials or an easy-to-guess combination. It was reported that the attackers would use the obtained credentials in botnets to launch DDoS attacks and engage in fraudulent schemes. The 515,000 credentials in their possession would be used for a more dangerous operation. Compared to previous incidents, this is by far the largest exposure of Telnet credentials.

ZDNet revealed that the maintainer of a DDoS-for-hire service leaked the credentials online. Asked why he had decided to expose so many Telnet credentials, he replied that he had upgraded his DDoS service from working on top of IoT botnets to a new model. According to him, the new model relies on renting high-output servers from cloud service providers. ZDNet used IoT search engines such as Shodan and BinaryEdge to identify devices across the world, including some found on the networks of known internet service providers. According to the report, other devices were located on the networks of major cloud service providers.

It was reported that the hackers scanned the internet to obtain these Telnet credentials from October to November 2019. Because of this, most of the affected devices probably now have different IP addresses or different passwords. The number of entries that are still valid is not known: the researchers never used the password combinations to access any of these devices to check their validity, as this may be illegal.

As reported, hackers can use the leaked IP addresses to determine the service provider and then scan the ISP's network in an attempt to update the list with the latest IP addresses.

The list of Telnet credentials has been shared with security researchers to notify the ISPs and server owners. This case is another incident of hackers taking advantage of vulnerabilities to freely obtain credentials for their fraudulent schemes.

Many Telnet users do not consider that their credentials are constantly being hunted by hackers on the internet, so they do not see the need to change the default password to a stronger one. This is not the first time Telnet credentials have been accessed by hackers. In 2017, about 33,000 home router Telnet credentials were accessed, as reported by many news outlets. The entries leaked in 2017 were made up of usernames, passwords, and IP addresses.

Most of the entries were device default credentials in the form “root: root” and “admin: admin”. It was discovered that the list contained duplicate IP addresses, so that it actually covered about 8233 unique IP addresses. Researchers revealed that 1775 of the credentials still worked when tested, and 2174 allowed hackers to access the device using the Telnet port. The list was analyzed per country, ranging from many European countries to the US and finally to Asia. According to the researchers, China was highly affected by the leak.

Telnet credentials are very important tools for hackers launching cyber-attacks. As a result, it is important for all users to understand that hackers have many uses for the obtained credentials, and that attacks launched with them can cause severe damage. Always use unique credentials for different devices and platforms, so that a hacker who obtains the password of one account cannot easily access all your accounts on other platforms.

Source: ZDNet
