I have a feeling that the true server in question IS secure. Default passwords? Smells like honey to me.
I agree, it seems a little too convenient that he got in using the default passwords. They probably kept that system running as bait specifically to get people to try to break in.