The title is no longer required.
Facepalm
An IoT botnet has been commandeered by white hats after its controllers used a weak username and password combination for its command-and-control server. Ankit Anubhav, of Newsky Security, said researchers with the company were able to take over the MySQL server used to control the Owari botnet – thanks to its creator leaving …
As usual the developers go charging off and putting dev code out into production before they speak with the DBA and infrastructure teams! Bloody typical! Although in fairness, I can imagine these hacker devs probably has some arsehole project manager beating them with the paperwork and demanding a stupid release date be met! Ha ha!
And maybe no really important information to protect? So no real reason to invest in security? Easy to remember creds on a shared system, and who cares if they are weak?
Maybe these guys are not completely daft, after all. The article seems to suggest the white hats didn't manage to do much even with everything they discovered...
Not sure why the bad guys had any history. That may cause some information leakage (though it seems to have leaked their competitors' IP addresses only in this case, eh?). That actually does sound like development infrastructure left in "production" code by negligence...