Nice catch! Saw the same thing you did, and I had the same reaction. MAYBE (hopefully 🫤) it's a public-facing account used for demos, at least I hope so. Security auditing is my main gig (mostly red teaming, aka "uuhh, your EDR is down brah?" kinda work), and reading comments like yours makes me happy. I'm glad that more people are tuned into and aware of these SEEMINGLY tiny details; tiny details that can be used to take over and lock someone out of their account(s) before they even realize they made a mistake. I know the number of people clued into this kinda stuff isn't nearly as large as it should be, especially with the ubiquity of network infrastructure, but considering that people still won't take the literal seconds out of their day to change default passwords when they buy new hardware, well, ANY win is worth pointing out! And to any of the FAR TOO COMMON "is it REALLY that big of a deal? It was on the screen for like a second . . . " type of commenter . . . . TWO things. First of all: 😳. Second, even without a password, there are SO MANY NASTY THINGS that someone with motivation and know-how can do with JUST a username . . . . ESPECIALLY ON AWS! 🙂🐧🐧🙂

Super helpful: www.sparkfun.com/products/21271