- What: A security breach was caused by a breakroom device
- Impact: Corporate networks may be vulnerable due to unsecured devices
The company's biggest security hole lived in the breakroom

Connected devices can leave an otherwise secure network vulnerable

Avram Piltch, Thu 2 Apr 2026 // 08:01 UTC

Pwned

Welcome to Pwned, The Register's new column, where we highlight the worst infosec own goals so you can, hopefully, protect against them.

Caffeine is an essential tool for most IT defenders, so, on balance, we're sure it has protected against a lot more exploits than it has caused. But in this case, the desire for everyone's favorite stimulant led to a massive breach.

Our story comes to us courtesy of a reader we'll Regomize as TR, a digital forensics investigator with almost two decades of experience. He describes a situation where a corporate client called because they thought that their server room had been invaded by a rival after suffering a data breach.

Rather than jump to that conclusion, TR and his company spent several days looking for malware and other vulnerabilities on the network. What they found was rather surprising.

It turned out that the leak came not from malicious software, but from an internet-connected coffee machine that was on the client's secure network. This device could output espresso, but it also came with a default password, an ancient OS, and no firewall.

Threat actors discovered the coffee machine and used it to get around all of the client's security measures. Every time someone brewed a cup, the machine was sending packets outside the country to malicious actors.

"We needed to explain to the room that was full of vibrant executives that they had highly sensitive data that was compromised by a cappuccino," TR said. "Even the most expensive firewall that the world has to offer will not be able to secure you when even your kitchen appliances are chatting with the enemy."

Sound far-fetched? Merritt Maxim, VP and research director at Forrester Research, said that this incident reminded him of one from 2017, when hackers used a connected fish tank to pwn a North American casino [PDF]. The tank used a VPN to separate its data from the rest of the network. However, attackers still managed to exfiltrate 10 GB of data and send it all the way to Finland, according to Darktrace.

"Forrester data shows that connected devices are increasingly involved in data breaches," Maxim said, "because they often have default passwords, lack monitoring of traditional desktops, and are often assumed to be benign."

So be careful what devices you allow onto your network. And make sure you always change the default passwords.

Have a story about someone leaving a gaping hole in their network? Share it with us at pwned@sitpub.com. Anonymity available upon request.