A hacker leaks passwords for more than half a million servers, routers and IoT devices

A hacker a few days ago published an enormous list of Telnet credentials for more than 515,000 servers, home routers and Internet of Things (IOT) devices.

The "Telnet" protocol is an application used to log in to a computer that remotely uses the "TCP / IP" protocol and allows the user to issue commands on the remote computer as if the user is logged in locally.

The list published on the popular hacking forum includes the Internet Protocol (IP) addresses for each device, along with the user name and password for the "Telnet" service and the remote access protocol that can be used to control devices over the Internet.

And the transfer of the website "Znet" on technical affairs - from experts and a statement from the leak itself - that the list was compiled by scanning the entire Internet in search of devices that were revealing its "Telnet" port. Then try using factory-set default usernames and passwords, or combinations of custom, but easy-to-guess passwords.

These types of lists are called "bot lists" things (hacked devices) where hackers scan the Internet to build bot lists, then use them to connect to devices and install malicious programs.

Usually these lists remain private despite some leaking over the Internet in the past, such as the 33,000 Telnet credential list that leaked in August 2017. But this latest leak is the largest known leak to date of Telnet passwords.

It is reported that all the lists that the hacker leaked are dated October and November 2019. Some of these devices may now work on different IP addresses, or they may have used different passwords to log in, but nevertheless the risk remains.

The website "Znet" quoted an IoT security expert - whom he did not name - that even if some of the entries in the lists are no longer valid because the devices may have changed their IP addresses or passwords, they are still very useful for skilled attackers.

The expert pointed out that the attacker could use the mentioned IP addresses in the leaked lists to locate the service provider, and then recheck the network provided to the Internet service in order to update the list with the latest IP addresses.