Botnet operators can be as clueless about security as their victims, says researcher Ankit Anubhav. He recently stumbled upon two databases of two IoT botnets secured with the trivial username and password combination of root/root. Both of these weakly secured botnet C&C servers located at 80211.232.43 and 80.211.45.89 are now offline. Both botnets regularly change the IP addresses of their C/C servers after one week.
Source: https://www.bleepingcomputer.com/news/security/botnet-authors-don-t-learn-anything-from-victims-and-secure-databases-with-root-root/