I read this post on the Wired blogs about an ATM heist in which the culprit re-programmed the ATM to think it was dispensing dollar bills when it was actually dispensing twenties, thereby allowing the guy to clean out the ATM. How did he do the re-programming? Because he knew the Master Passcode for the machine, which was still set to the factory default of “123456″.
About changing the passcode, the owner said “Oh yeah. I’ve change it twice since then. I’m paranoid now. I’ll probably do it again tonight.”
Talk about the need for complex passwords and privileged account management.