Login passwords for tens of thousands of Dahua devices have been cached inside search results returned by ZoomEye, a search engine for discovering Internet-connected devices (also called an IoT search engine). Discovered by Ankit Anubhav, Principal Researcher at NewSky Security, a cyber-security company specialized in IoT security, these passwords are for Dahua DVRs running very old firmware that is vulnerable to a five-year-old vulnerability.
ORIGINAL SOURCE: Bleeping Computer