Virgin has told 800,000 customers using SuperHub 2 hardware to change their router passwords to avoid being hacked. The problem, reported by Which?, is that the password can be attacked and guessed within days if the default is used.
Like a lot of routers, SuperHubs have a default SSID, something like VM1234567, which is broadcast publicly. The password is then made up of letters in a random order. On the SuperHub 2 it looks like this was fairly simple stuff, with just eight characters, seemingly just letters in a single case. Lockdown.co.uk says that there are around 200 billion possible passwords, which isn't as hard to crack as it sounds. Which? claimed a few days, but Lockdown suggests it could be as quick as minutes.
It's also worth pointing out that once you're connected to the SuperHub's Wi-Fi you can alter the router's admin settings with admin/changeme as the default username and password. That's assuming the average user hasn't changed these, which they almost certainly won't have.
Virgin Media says that the security on the SuperHub is roughly the same as other devices of the same age. It also points out that a lot of users will have been upgraded to new hardware anyway, and need not worry about this.
However, there is an important lesson here. The default username and password on your router are terrible. You need to change them as quickly as possible when you install the hardware.
Even just switching to a random eight-character password with letters in both cases and numbers would increase the complexity a great deal. If possible, pick a phrase as your password: easy to type and hard for computers to guess. XKCD has all the advice you need on choosing a password that's easy to remember and hard for a computer to guess. [via: Which?]
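To put numbers on the "around 200 billion" figure and on the advice above, here is an added example (not from the article, Which? or Lockdown) that compares a candidate Wi-Fi password against the default format the article describes. The sample passwords, the 2048-word list size and the guess rates are constructed assumptions, and the estimate only holds for passwords generated at random.

```python
import math
import string

# Format the article describes for the SuperHub 2 default: 8 letters, one case.
DEFAULT_KEYSPACE = 26 ** 8

def charset_size(password):
    """Size of the smallest standard ASCII alphabet covering every character used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    return sum(len(cls) for cls in classes if any(c in cls for c in password))

def keyspace(password):
    """Upper bound on guesses for a *randomly generated* password of this shape."""
    return charset_size(password) ** len(password)

def passphrase_keyspace(words, wordlist_size=2048):
    """Keyspace of `words` random words; the word-list size is an assumption."""
    return wordlist_size ** words

def bits(space):
    return math.log2(space)

def hours_to_exhaust(space, guesses_per_second):
    """Worst-case search time; the guess rate is a caller-supplied assumption."""
    return space / guesses_per_second / 3600

def audit(password):
    """Compare a candidate password against the factory-default format."""
    space = keyspace(password)
    return {
        "bits": round(bits(space), 1),
        "times_default": space / DEFAULT_KEYSPACE,
        "stronger_than_default": space > DEFAULT_KEYSPACE,
    }

if __name__ == "__main__":
    print(f"default format: {DEFAULT_KEYSPACE:,} (~{bits(DEFAULT_KEYSPACE):.1f} bits)")
    for sample in ("qhzkwmtd", "qH7kWm2d"):      # constructed sample passwords
        print(sample, audit(sample))
    print("4 random words:", bits(passphrase_keyspace(4)), "bits")
    for rate in (1e6, 1e9):                        # constructed guess rates
        hours = hours_to_exhaust(DEFAULT_KEYSPACE, rate)
        print(f"{rate:.0e} guesses/s -> {hours:.2f} h to cover the default format")
```

The spread between the two constructed rates shows how the same keyspace can be quoted as days or as minutes, depending on the hardware assumed.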