not an user failure, an engineering failure, probably pushed by excessive user friendliness reqs
It's not quite like password reuse and massive website credential breaches are a new phenomenon.
If even our Overlord the Zuck uses a really dumb password, repeatedly, then a software vendor that operates in as sensitive a context as TV should have taken a long, hard, look at what could go wrong on the user end and plan accordingly.
Blaming the users isn't good PR and in this case user failure of this type should have been anticipated and planned for. Even at the cost of less easy to use processes - a hostile remote logon is just too nasty to risk allowing on anything but the most extreme and unlikely user security mistakes (like telling someone your login credentials outright and then confirming you accept their connection).
IMHO they pretty much deserve their Ashley Madison moment. And hopefully other vendors will learn from it.