Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices

[Bttzed03]

I just read this article where a hacker published sensitive data including IP addresses, usernames and passwords.

According to experts to who ZDNet spoke this week, and a statement from the leaker himself, the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker than tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations.

I'm not an expert when it comes to security so if anyone is knowledgeable, kindly explain the implications of this leak. What can be done to protect your personal data? Creating a really tough password is probably one of them, what else?

[1715121843]

1715121843

[1715121843]

1715121843

[1715121843]

1715121843

[1715121843]

1715121843

[1715121843]

1715121843

[mk4]

With leaks like these, where usernames and passwords were leaked, expect these username/password combinations to be tried and tested to finance websites(banks, PayPal, Coinbase and other exchanges, etc). As with these sites, hackers can earn most money.

What can be done to protect your personal data? Creating a really tough password is probably one of them, what else?

On the top of my head:

1. Don't randomly submit personal information on random websites.

2. Different passwords on each online account in general, with as much characters as possible(40+) to prevent bruteforce attacks. Preferably, use a reputable open-source password manager like KeePass[1] and Bitwarden[2]. Yes, all accounts. And keep the master password really secure.

3. (optional) If you want to go further, use a Linux operating system as to decrease the chances of your computer getting infected. I suggest trying out Ubuntu[3] or Mint[4] as these two in my opinion are the best for beginners. You definitely want to dual boot first though, as so you can still use your Windows OS if you're really uncomfortable with Linux.

4. Change said passwords like every few months or so, especially for the finance websites.

5. Check your email on haveibeenpwned[5] once in a while.

[1] https://keepass.info/
[2] https://bitwarden.com/
[3] https://ubuntu.com/
[4] https://linuxmint.com/
[5] https://haveibeenpwned.com/

[Jawhead999]

With this leaks, the hacker will search and find other account with the same or close username-password. Usually people who use weak passwords will do the same for other accounts. And then looking for the credit card, bank, and other asset to earn instant money.

I think to make more secure our personal account, the first thing is strong and long password. But, from my experience there are many tips to prevent it:
1. Make sure don't use same username and password for each account
2. Don't copy paste all your password because windows clickboard can save our history copy paste. This history can be track by ASP Program and Javascript
3. Don't save our password and username to browser.
4. Be careful while click and downloading file, malware and virus can stole your data.
5. Don't use default password provider by the website.
Make sure while create strong and long password, you can remember at least last word of your password. Some website usually ask the last password when we want to recover account.

[UserU]

There's no zero-risk approach. Even tough passwords could be insecure (i.e. stored in plaintext) and using different usernames per site gets old pretty quickly, not to mention needing a long list just to store them.

The only way to protect our data is to either don't use the service or use some fake data or account. The thing is, if KYC gets in the way then you're pretty much screwed.

[JeromeTash]

Even tough passwords could be insecure (i.e. stored in plaintext) and using different usernames per site gets old pretty quickly, not to mention needing a long list just to store them.

It's why using Secure password managers like Bitwarden can be quite resourceful. You don't have to worry about the long list of usernames and passwords for different sites.

I learned a very big lesson why my bitcointalk account was hacked. The person who got my password tried to access my Dropbox and a dozen other useful accounts. Luckily all my exchange accounts and Gmail had 2FA on them and the other accounts without 2FA, the hacker would get blocked before he could log into them for suspicious Log in IP addresses.
I had to change details for ally my valuable accounts and started keeping the information in password managers.

[DdmrDdmr]

A study last year that implied scanning 83 Million IoT devices revealed that 7% of the IoT devices, alongside 14% of routers were easily accessible through a reduced credentials dictionary, being admin/admin the most recurrent case. The growth of IoT, only dwells on these numbers, and I’m pretty sure most domestic settings have no idea how their IoT devices go around security setting best practices.

See https://blog.avast.com/iot-devices-around-the-world

[Perkjeff]

Aside from what other member suggestion, there are few common security practice :
1. Regularly change your password, usually between 3 months - 2 years
2. Own multiple email address for different usage
3. Use temporary email if you need to use shady website

4. Use Two-Factor Authentication (2FA) when available.

This way, even if the hacker has your password, there is an extra layer of protection.

For every sensitive account, it's better to use this kind of protection. When you need to make a bank transfer, your bank send to you a code or something like that. Same here.

When available, ALWAYS enable 2FA.

But be careful when you are changing your device. You need to add all accounts before trash the old one or you can use something like Authy to backup your accounts on cloud. Because you can lose access to your account easily if you can't recover 2FA Access.

You can find more info here.

[Jet Cash]

You definitely want to dual boot first though, as so you can still use your Windows OS if you're really uncomfortable with Linux.

I took a slightly different approach. I bought a large SSD, and I swopped the hard drive on my notebook. This enabled me to install Linux Mint onto what was effectively a brand new uninfected computer. I can swop back to Windows if I need to run some software that Mint doesn't support. Also, I bought a hard rive housing with a USB connection for the old drive, and this allows me to access any files that I need to copy from the Windows system.

[mk4]

You definitely want to dual boot first though, as so you can still use your Windows OS if you're really uncomfortable with Linux.

I took a slightly different approach. I bought a large SSD, and I swopped the hard drive on my notebook. This enabled me to install Linux Mint onto what was effectively a brand new uninfected computer. I can swop back to Windows if I need to run some software that Mint doesn't support. Also, I bought a hard rive housing with a USB connection for the old drive, and this allows me to access any files that I need to copy from the Windows system.

Though that solution might not be for everyone, I guess that works too. Though you might know this already, I suggest trying running that certain Windows software through Wine[1]; certain Windows software works really well through it.

Here's Wine's app database if you're interested, to check which Windows software works well on Wine: https://appdb.winehq.org/

[1] https://www.winehq.org/

[LbtalkL]

This hack is not about paypal password, crypto wallet, etc. It is about Telnet username and passwords if the hacker gain access with your telnet account he/she can access a device via remote access protocol over the internet, he can access your computer and copy data, but I guess it is only applicable to those devices that have static IP address an address that does not change, but if you have dynamic IP your IP will change every time you restart your router so the hacker cannot gain access.

I have a solution:
Go to control panel >> Turn windows feature on or off >> find telnet uncheck and press ok.

[Lucius]

This hack is not about paypal password, crypto wallet, etc. It is about Telnet username and passwords if the hacker gain access with your telnet account he/she can access a device via remote access protocol over the internet, he can access your computer and copy data, but I guess it is only applicable to those devices that have static IP address an address that does not change, but if you have dynamic IP your IP will change every time you restart your router so the hacker cannot gain access.

Of course, this is not a type of hack that can be prevented with the use of 2FA or similar countermeasures when it comes to personal online security. As you wrote the solutions are simple, check if the Telnet option is enabled at all, and if it is simply turn it off. Of course, if we use Telnet it is obligatory to change the access data and to protect ourselves from future data exposures.

Dynamic IP is not solution of this problem since we also have a bad ISP factor involved - so even if IP is changing on daily basis a hacker who knows what he is doing still has a chance to exploit this kind of data.

An IoT security expert (who wanted to remain anonymous) told ZDNet that even if some entries on the list are not valid anymore because devices might have changed their IP address or passwords, the lists remain incredibly useful for a skilled attacker.Misconfigured devices are not evenly spread out across the internet, but they're usually clustered on the network of one single ISP due to the ISP's staff misconfiguring the devices when deploying them to their respective customerbases. An attacker could use the IP addresses included in the lists, determine the service provider, and then re-scan the ISP's network to update the list with the latest IP addresses.

[Kakmakr]

Telnet provided access to a command-line interface on a remote host (Server or Computer or router) and this might be a serious security concerns, because it gives access to a host of commands that can be used to cause further damage.

Simply disabling Telnet would not stop people from enabling it again, but changing the password regularly.. might solve the problem. You must have administrative privileges in order to reset the password. (Windows)

Open a command prompt and type "telnet" followed by the other computer's IP address or name and press "Enter." Add the port address at the end of the command if required by the server. (Then Login)

Enter "passwd" at the prompt to change your own password on a Linux or Unix-based server, and then enter a new password twice when prompted.

Every modem or router have their own login options (username & password) but once you connected to the device, you might be able to change the parameters for that device. (depending on your privileges) - Some ISPs change the default passwords on these devices, so you might have to contact them for the new passwords, if you want to do this yourself.

Hope that helps.  

[akirasendo17]

This sounds nerve racking,  but if you are a systems and network administrators, you have already prepare this kind of scenarios
there are levels of access for servers and routers and for sure they will have their hands full trying to break the security and by the time they know the password they already block it, but these is different for those who have commerical routers since they can be hack depending on what is expose, but for severs and emterprise routers they will have their hands full, but this is helpful, making those unsecure routers double check by the one who manage it and save it

[Bttzed03]

Some information went pass over my head here lol but thank you @everyone. I suppose I will have to do more reading on this stuff and I hope others will do too.

~
Simply disabling Telnet would not stop people from enabling it again, but changing the password regularly.. might solve the problem. You must have administrative privileges in order to reset the password. (Windows)
~

Who would? The people who will access my computer remotely?

[mk4]

Who would? The people who will access my computer remotely?

The people who could access your computer remotely, through malware that could potentially be installed on your computer. Don't overthink this though, as shutting off the telnet port can only do so much to protect your device. Just always remember to think twice when clicking links and installing programs.

Also, Linux!

[Bttzed03]

~
Also, Linux!

I've been slowly learning about Linux. Thanks!