140,000 KPN ADSL customers still using default password
Credit:
http://en.wikipedia.org/wiki/KPN
In Holland, a major ISP known as KPN has found a major security flaw for their customers. It seems that the Usernames were easy to guess because it was comprised of the persons zipcode + street address. All customers have had the same default password of 'welkom01'.
On a customers account management page there is an option to change the password, but up to 140,000 users never did. Anyone with minimal effort could log onto the account management of business ADSL subscribers.
The account management page could have given attackers access to peoples accounts and the abilities to change things in such a way that it was nearly impossible for the real owner to fix. Once inside they could find bank account and credit card numbers.