Home Cyber Security Credentials of 900+ enterprise VPN servers leaked by hacker

Credentials of 900+ enterprise VPN servers leaked by hacker

Leaked credentials
Leaked credentials

We know that hacking has almost become a trend these days and we see hacks taking place almost everywhere. This is not to say that hacking is cool because it is not and real information can be stolen as well as millions could be lost. However, it is a fact that hacking has become the new normal and people will need to find a way to secure themselves from the same. Also known is that hackers are targeting enterprises more than the users during this time because they know the more money can be recovered from the companies only.

Similar to that, we have a new report from the world of hacking where credentials of a new VPN server have been found and it is known that the hacker is a Russian-speaker looking at the details that have been shared so far. There is a whole list of passwords that have been shared by this hacker and they are regarding VPN enterprise servers of more than 900 companies. From the list analyzed by ZDNet, details found are the likes of

  • IP addresses of Pulse Secure VPN servers
  • Pulse Secure VPN server firmware version
  • SSH keys for each server
  • A list of all local users and their password hashes
  • Admin account details
  • Last VPN logins (including usernames and cleartext passwords)
  • VPN session cookies

One research firm named Bad Packets says that “Of the 913 unique IP addresses found in that dump, 677 were detected by Bad Packets CTI scans to be vulnerable to CVE-2019-11510 when the exploit was made public last year,”

This means that the public exploit was used to get these credentials but it is still interesting that not every one of these credentials are due to the exploit so it is possible that the hacker might have hacked into some of the companies’ servers too.