Why tvlicensing.co.uk are processing millions of customers’ data insecurely September 5, 2018 https://i83.co.uk/why-tvlicensing-co-uk-are-processing-millions-of-customers-data-insecurely/
I've been shocked by how common it is for providers to email server and VPS passwords to customers. But I guess they figure that smart customers will change them ASAP. And if adversaries change them first, customers will just file a ticket to complain. But then, what about hidden backdoors? Anyway, secure providers require that customers provide public SSH keys, and just don't use passwords.