Nepali ADSL Users' Data Compromised

An anonymous source just dumped your WiFi usernames and passwords in the bin.

Yes, you got us right.

While working at our desks, at around 12 in the afternoon, we learned that an anonymous source had just dumped the details of more than 47,300 vulnerable Nepali internet users.

Username and Passwords

Looking into the data that was posted online, there was a moment of silence in our team.

It seems someone posted wireless BSSIDs, passwords, the encryption methods used by the routers, login-page usernames and passwords, and more.

When we dug into the details from the anonymous source, which claimed to have dumped the data of 47,300 vulnerable users, we found that the claim might not be fully correct. Or it may be that only a limited set of data had been posted online as a POC (Proof of Concept).

Whatever the case may be, around 217 routers were hacked (as stated) and a total of 3,050 wireless usernames and passwords were posted. Looking into the data, what remains a serious matter is that people are still using the most hackable, easily guessable and commonly exploited passwords, such as 123456789, password, 12345678, 987654321, abc1234, password123 and other default passwords. There are some patriots too, with passwords like merodesh, meronepal, nepal123, nepal1234 and kpoli1946. The other passwords were also either purely alphabetic or purely numeric, which under a brute-force attack would not take more than an hour or so to crack.

Common passwords

If you are among those who have used such guessable and easily breakable passwords, you should switch from a password to a passphrase, because such passwords are easily exploited through brute force, social engineering, or a layman's way of cryptanalytic attack. (And by saying that, we do not mean you should use the word "passphrase" as your passphrase!)
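A defender-side check for the weaknesses described above, as an added example that is not part of the original article: it flags a Wi-Fi passphrase that appears in the article's list, uses only digits or only letters, or has a small keyspace. The 60-bit threshold, the function names and the sample inputs are assumptions made for this example.

```python
import math
import string

# Passwords the article lists as found in the dump.
COMMON = {"123456789", "password", "12345678", "987654321", "abc1234",
          "password123", "merodesh", "meronepal", "nepal123", "nepal1234",
          "kpoli1946"}
MIN_BITS = 60  # assumed threshold for this example, not a figure from the article


def alphabet_size(pw):
    """Size of the smallest set of standard ASCII pools that covers pw."""
    pools = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation + " ")
    return sum(len(p) for p in pools if any(c in p for c in pw))


def keyspace_bits(pw):
    """Upper bound on guessing effort: length * log2(alphabet size).
    Real strength is lower when the characters are not chosen at random."""
    size = alphabet_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def audit(pw):
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    if not 8 <= len(pw) <= 63:  # WPA/WPA2-PSK passphrases are 8 to 63 characters
        findings.append("length outside the 8-63 character passphrase range")
    if pw.lower() in COMMON:
        findings.append("appears in the dumped common-password list")
    if pw.isdigit():
        findings.append("digits only")
    elif pw.isalpha():
        findings.append("letters only")
    if keyspace_bits(pw) < MIN_BITS:
        findings.append("keyspace below %d bits" % MIN_BITS)
    return findings


if __name__ == "__main__":
    # Constructed sample inputs: two from the article's list, one phone-style
    # number, and one multi-word passphrase.
    for candidate in ("123456789", "meronepal", "9800000000",
                      "himal chiya 7 bato-ghar"):
        print(candidate, "->", audit(candidate) or "no findings")
```
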


One Comment

  1. I learnt during router setup that people often like to keep easy-access passwords, and especially “cell numbers”, because they are easy to remember. So I see it as beneficial if every single user is aware of MAC filtering. It will definitely help to reduce this kind of breach of others’ personal security.
