According to a story published by ZDNet, a hacker has published a massive list of Telnet credentials for more than 515,000 servers, home routers and IoT devices.
The list, which was published on a popular hacking forum, includes each device’s IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet. According to experts and a statement from the leaker himself, the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations.
Commenting on this Gavin Millard, VP of Intelligence at Tenable said, “Telnet, one of the earliest remote login protocols, belongs in the museum of hilariously bad security issues alongside its cleartext twin FTP, that should have been removed from systems years ago and has no place on any device, especially those that are exposed to the internet. Irrelevant of protocol used though, the most concerning issue with the dataset is the 500,000 systems directly connected to the internet with easily guessed passwords. Whilst these systems probably don’t have any business critical information on them, they could easily be leveraged in an automated attack similar to the internet hobbling Mirai botnet from 2016. Admins should be regularly assessing the external attack surface of network ranges they own to identify old and easily exploited protocols including SMBv2, FTP and RDP, as well as flaws affecting newer protocols that could be taken advantage of by anyone that spends five minutes reading up on how to hack.”