Leak of >1,700 valid passwords could make the IoT mess much worse

Dan Goodin reports:

Security researchers have unearthed a sprawling list of login credentials that allows anyone on the Internet to take over home routers and more than 1,700 “Internet of things” devices and make them part of a destructive botnet.

The list of telnet-accessible devices, currently posted at this Pastebin address, was first posted in June, but it has been updated several times since then. It contains user names and passwords for 8,233 unique IP addresses, 2,174 of which were still running open telnet servers as of Friday morning, said Victor Gevers, chairman of the GDI Foundation, a Netherlands-based nonprofit that works to improve Internet security.

Read more on Ars Technica.

About the author: Dissent

Has one comment to “Leak of >1,700 valid passwords could make the IoT mess much worse”

You can leave a reply or Trackback this post.
  1. Daniel Barbour - August 28, 2017

    How does this threat stack up against the Mirai botnet? My understanding was that Mirai corralled 100’s of thousands of IoT devices for its DDoS attacks (many were from the same Chinese manufacturer) using only 60 default login/password pairs.

Comments are closed.