140,000 KPN ADSL customers still using default password

In Holland, a major ISP known as KPN has found a major security flaw for their customers. It seems that the Usernames were easy to guess because it was comprised of the persons zipcode + street address. All customers have had the same default password of ‘welkom01’.

On a customers account management page there is an option to change the password, but up to 140,000 users never did. Anyone with minimal effort could log onto the account management of business ADSL subscribers.