A hacker published a trove of credentials for more than 515,000 servers, IOT devices and routers in what is being described as one of the biggest leaks to date.
The list, published on a popular hacking forum, exposes usernames, passwords, and IP addresses.
The hacker, who himself runs a DDoS-for-hire service, ran a wide-ranging scan for the devices that had their Telnet ports exposed. Once the hacker located the devices, he proceeded to run tests with default passwords provided upon purchasing the devices in question along with a list of common and easy to guess passwords.
According to cyber security experts, the credentials leaked by the hacker are dated October to November 2019 which increases the likelihood that a lot of the IP addresses and passwords have changed.
But experts are warning that the sole existence of this list is a massive security threat. In the hands of a skilled hacker, the list can become a powerful tool in regaining access or drilling deeper into the networks with a lot of devices exposed.
IoT devices have long been viewed as the weakest link in the cyber security chain. Most hackers need just minutes to hack a connected device like a thermostat or camera. Furthermore, hackers have been using IoT as their additional points of attack, employing them into botnets for targeted DDoS attacks.