Point-of-Sale vendor has used the same admin password for 25 years

Alan Martin reports:

A major vendor of point-of-sale terminals has not changed the default passwords used on its devices in a quarter of a century, researchers have revealed at RSA 2015.

The firm was not named during the presentation by Charles Henderson and David Byrne for security reasons, but it is said to be a widely used manufacturer. Although the password can (and should) be changed, CIO reports that the researchers believed in most cases they were left as customers assumed the password – 166816 – was unique to them.

Read more on WeLiveSecurity. Also see The Register‘s coverage.

ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
Toys “R” Us Canada customers notified of breach of personal information
Gatineau gymnastics centre warns members of possible data breach
Confidence in ransomware recovery is high but actual success rates remain low
Protected health information of 462,000 members of Blue Cross Blue Shield of Montana involved in Conduent data breach
Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers

Point-of-Sale vendor has used the same admin password for 25 years

Related:

1 thought on “Point-of-Sale vendor has used the same admin password for 25 years”