On September 20th, 2016, KrebsOnSecurity.com was hit by a DDoS attack. This was the largest such attack in history. In simplified terms, in a DDoS (Distributed Denial-of-Service) attack, a large number of devices try to access a single target web server simultaneously, which overloads it. In the case of this attack, around 1 million IoT (Internet of Things) devices were hacked and used to flood the KrebsOnSecurity.com website. These were devices such as routers, connected cameras, connected lightbulbs, thermostats, etc.
The reason this attack was possible is that these devices had BAD passwords. Hackers were able to crack these easily and gain access to the devices. Since then, the hackers have publicly released the source code of the program used for the attack. In this source code, they have included a number of passwords that they tried and used successfully.
Please do read the list below. These are very commonly used passwords. We strongly encourage you to change passwords regularly, especially if you are using one of the passwords below.
Below is a list of the passwords that were used by the hackers’ script: