39

This happened quite sometime ago.

I received a client, reputable university in my country. After all the paper work was done, I was emailed access to one of their AWS server, FTP where the username and password were both admin. I didn't say much to them at that moment.. Maybe they had some precautions?

Over night I received another email, around 3am,

"Hi Uzair, we've monitored a breach while leaving FTP access open."

Well, that was sorta expected.
I received SFTP access to the server the following day,

username: admin,
password: @dmin

Comments
  • 1
    Everyone knows the password should be @min, not "@dmin"
  • 0
    @hugh-mungus sadly it's not. They're privately owned 🤔
  • 0
    @hugh-mungus hahaha same I guess! It was honestly very weird since I am aware they have a very large and qualified IT team.
Add Comment