This does not surprise me since the number of IoT devices has been steadily increasing and they all run some form of Linux. The question that comes to mind is how many IoT devices have a copy of their OS stored in ROM what will simply overwrite the running OS if the device is reset. It would be even better is there was some form of detection to automate this process.
I also remember seeing somewhere how many IoT devices are being exploited because they do not use security connections. This sadly was said to be because it required a bigger better chip and places where just staying with the cheaper versions. This gets me back to saying there should be steep fines for places that cut corners like this.
If you are going to do something, do it right, or not at all!