Massive IoT Exploit: More than 1,700 valid Telnet credentials for IoT devices leaked online

Security researchers are warning of the availability online of a list of IoT devices and associated telnet credentials.

The list has been available on Pastebin since June, but last week it was also shared via Twitter by the researcher Ankit Anubhav becoming rapidly viral.

The original list was posted by someone who has previously published a dump of valid log-in credentials and also the source code of a botnet.

It is a gift for hackers, more than 1,700 IoT devices could easily take over and recruit them part of a botnet that could be used to power a DDoS attack.

The list has more than 22,000 views as of Saturday afternoon, while only 1,000 users have seen it since last Thursday.

Many IoT devices included in the list have default and well-known credentials (i.e., admin:admin, root:root, or no authentication required). More…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

Up ↑

%d bloggers like this: