If you didn't change the default password on your router when you set it up, stop reading this and go change it now. Otherwise, you're vulnerable to the most dangerous threat on the internet. Not convinced? You can log into the router of a major university, corporations, and other organizations right now.
A hacker going by the name of SuperSl1nk has discovered a bunch of networks across the globe that are still using their routers' default passwords, and has published a list of them along with the IP address anyone could use to get into the network. On this particular NetGear switch, the password is sadly "password" but this vulnerability exists for all routers and access points. The default passwords for these networking devices are widely known.
Among the networks affected are University of Maryland Baltimore County, Imagination, Capital Market Strategies L, LG DACOM Corp (Korea), and Hotwire Communications, E Hacking News reports . BellSouth was on the hacked list, but seems to have been fixed now.
What can a hacker who gets into your home or business router do? He could listen in on all your browsing sessions and see everything you're entering on, say, your banking site or change the DNS servers on the network to redirect you to identity theft websites. Michael Horowitz has more gory details about these kinds of attacks.
Another vulnerability was recently found where just opening an email from an attacker--not even clicking on any links--could give hackers access to your router and internal network. That is, if your router still has the default password.
Most tech-savvy people know to change the default password, but given that major organizations still haven't done it, this serves as a good reminder to everyone just in case. If you know anyone who likely hasn't changed their router's default password, do them a favor and send them this PSA.