Palo Alto Crosswalk Signals Hacked Due to Default Passwords

In January 2026, it was revealed that crosswalk signals in Palo Alto, California, were hacked in 2025 due to the use of default passwords. While the specific details about the equipment involved and the extent of the disruption remain undisclosed, this incident underscores a critical cybersecurity issue: the failure to change default passwords in operational technology (OT) systems. Crosswalk signals, as part of a city's critical infrastructure, rely on networked systems that can be vulnerable to cyber attacks if basic security measures are not implemented. The use of default passwords is a well-known risk, yet it continues to be a prevalent issue in many organizations. This incident highlights the importance of cybersecurity hygiene, particularly in systems that control physical infrastructure. For cybersecurity professionals, this serves as a reminder of the need for comprehensive security policies that include regular password updates and the elimination of default credentials. Furthermore, it emphasizes the potential consequences of overlooking basic security practices in seemingly low-risk systems. While the lack of detailed technical information limits a deeper analysis, the incident clearly demonstrates that even fundamental security oversights can lead to significant disruptions in critical public services.