Telnet IOT vulnerability hacked

The internet of things (IOT) vulnerabilities strike again. A list of thousands of fully working Telnet credentials has been sitting online on Pastebin since June 11, credentials that can be used by botnet herders to increase the size of their DDoS cannons.

The list — spotted by Ankit Anubhav, a security researcher with New Sky Security — includes an IP address, device username, and a password, and is mainly made up of default device credentials in the form of “admin:admin”, “root:root”, and other formats.

The list has grown to over 500k credentials now. And Dated from 2019 too.