In association with heise online

06 July 2012, 10:29

Dutch ISP finds 120,000 ADSL accounts with default passwords

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

KPN logo KPN, a major Dutch internet service provider (ISP), has found that over one hundred thousand of its customers have never changed their default passwords, leaving accounts vulnerable to unauthorised access. According to a forum postDutch language link by the company, approximately 120,000 of its 180,000 business ADSL customers had not changed their default password from "welkom01"; about 20,000 other customers were said to be using their username as their passwords.

By not changing default passwords or by using weak passwords, customers left their accounts vulnerable to access by malicious third parties who could, for example, change or remove email accounts, change or disconnect internet service, or add or remove additional paid services. The company says that it discovered the problem following a reportDutch language link from Amsterdam-based news site Webwereld and has since automatically reset the 140,000 potentially vulnerable passwords.

Affected customers have been sent an email explaining the problem and asking them to set new, more secure passwords. KPN says that it has no evidence that leads it to believe that any customer accounts were accessed by unauthorised parties.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit