@theresnotime Knowing how many SQL installations in general have been done by following blindly some 'how to instal MySQL' documentation, I wouldn't be amazed if like 50%+ of all the installations out there had root/root credentials and probably the thing also listened to outside world.

One of the very first actual break-ins I've ever investigated was a virtual machine that a young web dev had been given and he figured out somehow that it would be easier to make it listen to the box's public address, so he could then handily connect to the MySQL instance from his own computer directly.

Naturally the password was something that couldn't hold against a dictionary attack for longer than an hour.