I worked at two big, well known software companies which had the same default password - company123, albeit for low security stuff, where you wanted wide access but a password was required for some reason.
Well, a lot of companies are doing it in reverse , by not properly securing test sites, and bringing live sensitive data from prod to test . I don't know which is worse