Sticky-note security turned gym into hall of '80s horrors

PWNED Welcome back to Pwned, the column where we share war stories from IT soldiers who shot themselves – or watched someone else shoot themselves – in the foot. Today's tale shows that even when you're setting up something as simple as fitness gear, there's no excuse for leaving security credentials lying around.

Our story this week comes from someone we will Regomize as JC, a proprietor of a company that sells and installs used gym equipment. He had a contract with a hotel to install some cardio equipment with video screens, designed to let exercisers watch Netflix over the LAN.

However, one of JC's employees left the default admin PIN for the equipment on a Post-it note attached to one of the treadmills. This allowed a hotel guest to log into the control panel and queue up '80s music videos. We have no idea what songs the ...