Massive IoT Exploit: More than 1,700 valid Telnet credentials for IoT devices leaked online

Security researchers are warning of the availability online of a list of IoT devices and associated telnet credentials.

The list has been available on Pastebin since June, but last week it was also shared via Twitter by the researcher Ankit Anubhav becoming rapidly viral.

The original list was posted by someone who has previously published a dump of valid log-in credentials and also the source code of a botnet.

It is a gift for hackers, more than 1,700 IoT devices could easily take over and recruit them part of a botnet that could be used to power a DDoS attack.

The list has more than 22,000 views as of Saturday afternoon, while only 1,000 users have seen it since last Thursday.

Many IoT devices included in the list have default and well-known credentials (i.e., admin:admin, root:root, or no authentication required).

Top five credentials were:

  • root:[blank]—782
  • admin:admin—634
  • root:root—320
  • admin:default—21
  • default:[blank]—18

The popular researcher Victor Gevers, the founder of the GDI Foundation, analyzed the list and confirmed it is composed of more than 8200 unique IP addresses, about 2.174 are accessible via Telnet with the leaked credentials.

According to the researchers, most of the reachable IPs (61 percent) were located in China.

The list of the 33,000 IP addresses includes many duplicates, it is likely they were already abused by hackers in the wild.

The Pastebin also includes numerous scripts, titled “Easy To Root Kit,” “Mirai Bots,” “Mirai-CrossCompiler,” “Apache Struts 2 RCE Auto-Exploiter v2),” “Slowloris DDoS Attack Script.”

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase