A hacker has leaked usernames and passwords of over five lakh servers, routers and Internet of Things (IoT) devices on the Dark Web which can be used to install malware on Internet-connected devices at home or at work. Attackers could use those credentials to gain remote access to the affected devices, like we have seen recently in some home cameras and devices, including Amazon-owned Ring security cameras.
According to reports, the list of Telnet credentials has been published on a popular hacking forum that includes each device's IP address, along with a username and password for the Telnet service. Telnet is one of the earliest remote login protocols on the Internet. It is a client-server protocol that provides the user with a terminal session to the remote host from the telnet client application.
"Hackers scan the internet to build bot lists, and then use them to connect to the devices and install malware," said the report. The list has been published online by the maintainer of a Direct Denial of Service (DDoS) botnet operator. However, some of these devices might now run on a different IP address or use different login credentials.
"Some devices were located on the networks of known Internet service providers (indicating they were either home router or IoT devices), but other devices were located on the networks of major Cloud service providers," the report mentioned. The five lakh devices still remain at hacking risk as a hacker can use the IP addresses included in the lists and then re-scan the internet service provider's network to update the list with the latest IP addresses.
Amazon's Ring subsidiary came in news for all the wrong reasons where customers' in-house cameras were broken into and the hackers tried to intimate the residents, including children. In the US, parents of an eight-year-old girl were left stunned when a hacker accessed a camera installed in their daughter's room and taunted her.