Because the people who set them up, don’t use secure passwords, and so when a hacker finds the device they just try commonly used passwords, and get in.

People are warned over and over to use secure passwords, but they don’t because its hard to remember. Also, many companies have 2 factor authentication, but people don’t want to be bothered with it because they are lazy.

Only you can protect yourself.