The manufacturers' passwords for cash machines used widely across the US are available online in an installation manual.

New York-based security researcher Dave Goldsmith, founder and president of penetration testing outfit Matasano Security, pieced together clues from a CNN broadcast and the website of Tranax Technologies, the ATM's manufacturer.

Then he searched for the ATM's installation and maintenance manual online which he said gave him enough information to hijack a Tranax Mini-bank 1500 series ATM if the manufacturer's default passwords had been left unchanged. 

"My guess is that most of these mini-bank terminals are sitting around with default passwords untouched," Goldsmith told eWeek. 

According to the Tranax website, around 70,000 1500 series ATMs are installed in the US.