2 fourteen year olds no less: www.bankrate.com/financing/banking/...ar-olds/?ec_id=cmct_01_comm_PF_image_headline
The login was probably Admin with a password of Password or something else equally stupid... *shakes head sadly* People outside of "the circle" don't seem to understand what makes a good password good...
I doubt it was even that sophisticated, it was probably a 4 digit number (a bit like a card pin) and probably the default installation one. I don't know if they would even gone to the trouble of logging attempted entries or blocking if too many attempts had been made since it was probably using an old firmware. (How often do you think ATM's are "updated"?) There should be frequent changes to passwords on such systems re-rolled as a mandate, with firmware patches as well, however ATM's are probably programmed similarly to how OpenSSL was originally managed.
Most ATM's I've seen, when they fail, revert to either a BSoD or Windows XP splash screen... which honestly, scares the piss out of me... several thousand dollars (physical currency) and hundreds of millions of dollars, protected by a now-defunct, no longer updated, major-release OS... seriously?
it could've been an inside job, someone that knows someone and so on, so on....! Usually you dont need to look too far or be too complicated. Just a suggestion.