You need a shodan enterprise account to say how many users exist with any kind of certainty. Shodan.io is a search engine for security research, is not a toy, and is a quick way to get yourself on a few NSA watchlists. You need a free account to search for anything at all, and you need a paid account to search for anything useful.
How it works:
All devices connected to the internet have a banner containing metadata. Shodan searches this banner.
For example, if you are on a linux distro, see if you have easy access to a program called bannergrab. Install it, then use bannergrab to see the banner of your router's landing page at 192.168.1.1 or whatever you set it to followed by the port (80/443).
$ bannergrab 192.168.1.1 80
On a router with openWRT installed you'll see something like this:
[user@home ~]$ bannergrab --verbose 192.168.1.1 80
_ _
| |__ __ _ _ __ _ __ ___ _ __ __ _ _ __ __ _| |__
| '_ \ / _` | '_ \| '_ \ / _ \ '__/ _` | '__/ _` | '_ \
| |_) | (_| | | | | | | | __/ | | (_| | | | (_| | |_) |
|_.__/ \__,_|_| |_|_| |_|\___|_| \__, |_| \__,_|_.__/
|___/
Version 3.5
http://bannergrab.sourceforge.net
Copyright (C) 2007-2008 Ian Ventura-Whiting
HTTP/1.0 200 OK
Connection: close
ETag: "421-20a-5f550c1b"
Last-Modified: Sun, 06 Sep 2020 16:19:39 GMT
Date: Sun, 31 Jan 2021 00:09:47 GMT
Content-Type: text/html
Content-Length: 522
I think the only part of this banner that really identifies anything is the ETag: "421-20a-5f550c1b" part. If I understand it correctly, anyone with the openWRT luci landing page set to port 80 should have this etag. Therefore if the etag were to be searched on shodan, I think it would reveal how many active openWRT users are currently connected to the internet.
If I understand how shodan works, the search is done on recently archived/updated data, and not live like doing an nmap search. Scanning the internet for connected devices without permission with something like nmap is illegal and very conspicuous. Maybe someone on here with a real shodan account could search and share.
-Jake