To be fair, the complete security failure outlined in the article is at the app level and not something I'd expect most IT departments to bear responsibility for (unless they were directly consulted about how good of an idea using basic auth with hardcoded credentials is and gave an OK on it).
Of course, I wouldn't be too surprised if the app/API here were also outsourced to a low fixed price development shop.
Of course, I wouldn't be too surprised if the app/API here were also outsourced to a low fixed price development shop.