A hacker has publicly shared a massive list of Telnet credentials. The leak covers 515,000 home routers, IoT smart gadgets, and servers.
The list was posted on a hacking website. It includes the IP address of each device, along with the username and password for its Telnet service.
Telnet is a remote access service that allows a device to be controlled over the internet.
What is a bot list?
A list like the one the hacker compiled is called a 'bot list.' Bot lists are a common part of the normal operations of an IoT botnet. Hackers scan the internet to build them, then use them to connect to the listed devices and install malware.
Hackers keep bot lists hidden from the public. However, some of these lists have leaked online.
In 2017, Telnet login information for 33,000 home routers was leaked. The confidential information circulated publicly on the internet.
How did the hacker access the unauthorized Telnet information?
According to statements from IT experts and from the hacker himself, the hacker compiled the list by scanning the internet for devices exposed through the Telnet service. First, he tried the usernames and passwords set by the administrator of the service. Second, he tried easy and common password combinations.
The leak was released online through a 'DDoS-for-hire' service.
When asked about releasing such a massive amount of confidential information to the public, the hacker said that he now uses his recently upgraded DDoS service. The upgraded service follows a newer model that relies on renting high-performance servers from cloud service providers.
The entries in the leaked bot list date from October to November 2019. Many of the affected owners may have already changed their IP addresses or their login information.
Dangers Posed by the Hack Despite Immediate Response Measures by Users
According to an IoT security professional, changing the login information on some of the accounts in the Telnet leak does not remove the risk from the attack.
For expert hackers, the leaked information is still useful even if affected users have changed their login information or their IP addresses.
Poorly configured devices are not distributed evenly across the internet. Instead, they are clustered on the network of a single ISP. This happens when ISP staff misconfigure devices as they are distributed to each customer.
There is a high chance that hackers will use the IP addresses in the bot list for other purposes. They may also identify the service provider and monitor the ISP's network to acquire an updated list of users' IP addresses.
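Because exposed devices cluster on one ISP's network, an ISP can check a leaked list against its own address allocations to see which customer ranges need attention. The sketch below is an added example, not part of the original article; the "ip:port user:pass" line layout, the sample entries, and the prefixes are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in an assumed "ip:port user:pass" layout; the article does
# not give the leak's real format. Addresses are RFC 5737 documentation ranges.
LEAKED_LINES = """\
192.0.2.10:23 USER:PASS
192.0.2.77:23 USER:PASS
192.0.2.130:23 USER:PASS
198.51.100.5:23 USER:PASS
203.0.113.9:23 USER:PASS
not-an-ip:23 USER:PASS
""".splitlines()

# Hypothetical customer allocations of the ISP running the check.
OWN_PREFIXES = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24"]


def parse_ip(line):
    """Return the IP address at the start of a list entry, or None if malformed."""
    host = line.split()[0].rsplit(":", 1)[0] if line.strip() else ""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def affected_prefixes(lines, prefixes):
    """Count listed addresses per owned prefix; returns (counts, outside, malformed)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    counts, outside, malformed = Counter(), 0, 0
    for line in lines:
        ip = parse_ip(line)
        if ip is None:
            malformed += 1          # keep a tally instead of silently dropping
            continue
        match = next((n for n in nets if ip in n), None)
        if match is None:
            outside += 1            # belongs to some other network
        else:
            counts[str(match)] += 1
    return counts, outside, malformed


if __name__ == "__main__":
    counts, outside, malformed = affected_prefixes(LEAKED_LINES, OWN_PREFIXES)
    for prefix, n in counts.most_common():
        print(f"{prefix}: {n} listed device(s), review Telnet exposure and credentials")
    print(f"outside own ranges: {outside}, malformed entries: {malformed}")
```

Prefixes with the highest counts point to the customer batches most likely shipped with the same misconfiguration, which is where disabling Telnet and resetting credentials should start.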