Username and passwords of five lakh servers leaked by hacker
According to reports, a hacker has leaked usernames and passwords of about five lakh servers, routers and Internet of Things (IoT) devices on the Dark Web.
The list of Telnet credentials has reportedly been published on a popular hacking forum that includes each device’s IP address, along with a username and password for the Telnet service. Telnet is one of the earliest remote login protocols on the Internet. It is a client-server protocol that provides the user with a terminal session to the remote host from the telnet client application.
The leaked information can be used to install malware on Internet-connected devices at home or at work. Attackers could use those credentials to gain remote access to the affected devices like we have seen recently in some home cameras and devices, including Amazon-owned Ring security cameras.
The list has been published online by the maintainer of a Direct Denial of Service (DDoS) botnet operator. However, some of these devices might now run on a different IP address, or use different login credentials.
“Some devices were located on the networks of known Internet service providers (indicating they were either home router or IoT devices), but other devices were located on the networks of major Cloud service providers,” the report reportedly stated. The five lakh devices still remain at hacking risk as a hacker can use the IP addresses included in the lists and then re-scan the internet service provider’s network to update the list with the latest IP addresses.
*Edited from an IANS report.