The mass reset took place after all user accounts were locked on 2 April, following infosec firm Bitdefender revealing that malicious persons were pwning Linksys devices through cred-stuffing attacks.
Hackers with access to Linksys Smart Wi-Fi accounts were changing home routers’ DNS server settings. Compromised users’ attempts to reach domains ranging from Disney, pornography, and Amazon AWS were redirected to a webpage peddling a coronavirus-themed app “that displays a message purportedly from the World Health Organization, telling users to download and install an application that offers instructions and information about COVID-19.” The Register – Gareth Corfield | April 15, 2020
