401
Over 40,000 admin portal accounts use 'admin' as a password
(www.bleepingcomputer.com)
This is a most excellent place for technology news and articles.
2% is plenty enough to get a lot of orgs malwared. What gets me is the number of orgs that just have administrative systems internet-facing. That's the first fail