Dutch ISP Discovers 140,000 Customers With Default Password

bs0d3 writes "In Holland, a major ISP (KPN) has found a major security flaw for their customers. It seems that all customers have had the same default password of 'welkom01'. Up to 140,000 customers had retained their default passwords. Once inside attackers could have found bank account and credit card numbers. KPN has since changed all the passwords of the 140,000 customers with weak passwords. They also do not believe anyone has actually been burglarized since discovering this weak spot in security."

Tourism in Holland is going to EXPLODE

[stanlyb]

They just put this AD everywhere: Dear criminal, do you wanna credit cards for free? And bank account for free? And all the emails, IM, etc accounts for free? Then don't hesitate and come in our little country. Oh, and after the successful hunt you could eat some funny pie, smoke something even more funny, and then frack some 3rd country lady in her teenage years.

Re:It's the ISP's fault

They are not responsible for their hopefully grown-up customers that are all obviously trusted by the banks to have credit cards.

Sure, they should have known better than to trust users to change their passwords, but some people need to learn the hard way. At most, this means a few weeks of sleepless nights for their PR-department.

Not treating your customers like irresponsible children is a sign that you respect them.

Would you shed a tear for an automobile driver who said "gee, I didn't know what the red-line was or that revving it past the red-line could damage the engine!" No, you'd say anybody fit to drive a car should know this, if they don't then they get to go to a mechanic and pay the stupidity tax. Same deal with passwords and internet access.