Dutch ISP Discovers 140,000 Customers With Default Password 99
bs0d3 writes "In Holland, a major ISP (KPN) has found a major security flaw for their customers. It seems that all customers have had the same default password of 'welkom01'. Up to 140,000 customers had retained their default passwords. Once inside attackers could have found bank account and credit card numbers. KPN has since changed all the passwords of the 140,000 customers with weak passwords. They also do not believe anyone has actually been burglarized since discovering this weak spot in security."
burglarized??? (Score:4, Insightful)
Re:Tourism in Holland is going to EXPLODE (Score:5, Insightful)
Just for the record, it's no a normal or common thing to have sex with underage eastern european girls here.
Re:It's the ISP's fault (Score:5, Insightful)
but some people need to learn the hard way.
Should car companies remove seat belts and airbags, so people can "learn the hard way" to avoid accidents?
Or maybe we should be responsible professionals and design secure systems and appropriate procedures, instead of blaming our customers for our own incompetence.
Re:burglarized??? (Score:4, Insightful)
I guess it's American usage. We don't ever say "burgled" over here; it sounds funny.
Re:It's the ISP's fault (Score:5, Insightful)
If I get a lock installed on the door of my new house, with a key that is the same as the key on 140000 other doors, guess what I am going to do next, install a new lock or wait until someone empties my house and blame the company that installed the lock.
Unless you went out of your way to get a special lock, the lock on the door of your house is likely trivial to defeat with a "bump key", which is pretty easy to come by and use (unlike lockpicks, which would also open your door easily, but are somewhat controlled and take a bit of practice). But you probably didn't know that, because you're not a technical expert in that area of security.
Most people aren't a technical expert in the area of computer security, and so don't have a clue that they would need to change the password their ISP gave them. They would expect their ISP to be competant in such matters.