While working for a large computer company in the late 90s, I joined a team that ran the company store on the web. The store used the company's own e-commerce system, which it was also selling.
The very first day, at home in the evening, I went to the production site to see if I could log in as root using the default password. Not a problem.
Anyone with any experience with the product could easily have deleted the entire database. I immediately changed the password and emailed the whole team.
The very first day, at home in the evening, I went to the production site to see if I could log in as root using the default password. Not a problem.
Anyone with any experience with the product could easily have deleted the entire database. I immediately changed the password and emailed the whole team.
No one ever responded.