Comment by aaronmdjones

There was also https://www.techspot.com/news/108619-mcdonalds.html

> Moreover, when Carroll attempted to alert Paradox to the breach, he was unable to find a security disclosure contact. The company's security page mostly consists of a simple assurance that users shouldn't need to worry about security. Eventually, after the researchers emailed "random people," Paradox and McDonald's confirmed that they resolved the issue in early July.

Shouldn't need to worry indeed. McDonald's evidently doesn't either.

Can someone tell them to put "Set a password a five-year-old child can't guess" onto their deployment checklist?