Shouldn't that last line read 'The irresponsible operators have been notified, the researchers say.'?
So is this yet another case of nobody wanting to bother with checking out the security of their systems, and just throwing something into existence because they can? I wonder just how many more of these really piss poor implementations (of either hardware or software) we're going to read about in the next few years...