Re: Default passwords? In this day and age?
"It's not lazy, it's about cost and corporate profit. A few cents here, a few cents there, and pretty soon, the shareholder value takes a hit. Public agencies don't answer to corporate bosses but taxpayers and no taxpayer wants taxes raised to "fix" IT stuff since they don't understand it."
In many cases, the issue is poor planning and a lack of time to fully implement plans - we want to create/configure/deploy A with features W, X, Y and Z. By the time A is in production Y and Z are mostly done, X is on the to do list and W is forgotten about.
While this can be seen as a cost issue (if only we'd employed more people or taken more time to plan properly), in many cases this isn't apparent until long after the damage is done. Treating it as a corporate profit issue ignores the other cultural issues that result in these types of security problems.
Changing a default password is more likely to have been either a lack of product knowledge or a lack of simple security knowledge ("change any default passwords to something more secure"). Given the number of organisations affected, I'm frankly astonished that somebody within the organisations didn't question the lack of security.