One of my high school friends works in the IT department of FedEx. At home, he uses his smartphone with WPA2 encryption to create a wireless hotspot for his devices. Lately, one of the AT&T towers near him had intermittent issues and fell upon an unsecured wireless network. While not doing anything personal on it except for looking at the weather, he was able to run ipconfig/all to find out the IP address of the router. He looked online and noticed that the default admin account and password were UNCHANGED.
He now thinks he may get in trouble because of his actions, but I told him not necessarily, because now he can possibly alert his neighbor (I don't know how) that keeping your wireless network unsecured could attract many leeches and essentially steal something they haven't paid for, but he is also afraid that he may be in trouble for bringing it up. What should he do? He hasn't been himself today.. way too quiet, and scared for what could happen as a result of his findings. I want to console him but I don't know how.