I am not surprised. They had no clue what they where doing and incorporated no real security. It was just Tor on an open-wrt install, they had no docs on explaining OPSEC so users would probably use this to log into their normal accounts and breach the anonymity it gave them or worse. The fact they had a hard-coded password and no options to encrypt WiFi was just terrible.
Why the entire premise of Tor-enabled routers is ridiculous http://arstechnica.com/security/201...premise-of-tor-enabled-routers-is-ridiculous/