According to a report published in the technology-based website ZDNet, a hacker published Telnet passwords of more than 500,000 devices which includes Telnet servers, home routers, and Internet of Things(IoT).
A source from ZDNET says that the passwords were published by a system admin who was maintaining a DDoS for hire service on the dark web. And the reasons for such postings are still unknown.
A security researcher from Krebsonsecurity says that such type of posting is done after a 3 months work of perfect scanning of the entire internet with specialized software for devices that were exposing Telnet ports. What’s amazing in this saga is that the hacker exposed the passwords either by guessing the default credentials or by easily guessing the combinations.
There is a high probability of cyber crooks purchasing such credentials to build Bot lists to install malware or use these devices to launch DDoS attacks.
Note 1- Most of the entries might have been outdated as some devices might have changed their IP address or passwords. However, hackers can use software to re-scan ISP networks and update the list with the latest IP addresses.
Note 2- Telnet is an application protocol used to connect remote computers over a TCP/IP network. It helps a user control a digital account or a device on a remote node. Founded in 1969 the full form of Telnet is Telecommunication NETwork. And as the Telnet messages are sent in clear text, due to security concerns it was replaced by Secure Shell(SSH) Protocol.