The attack was against an unsupported version of Windows with no firewall and shared the same TeamViewer password among its employees.

In short it, it probably was not a hack at all.  After gaining remote access to a computer that controlled equipment inside the Oldsmar water treatment plant, the unknown intruder increased the amount of sodium hydroxide -- a caustic chemical better known as lye -- by a factor of 100. The tampering could have caused severe sickness or death had it not been for safeguards the city has in place.

According to an advisory from the state of Massachusetts, employees with the Oldsmar facility used a computer running Windows 7 to remotely access plant controls known as a SCADA -- short for "supervisory control and data acquisition" -- system.

What's more, the computer had no firewall installed and used a password that was shared among employees for remotely logging into city systems with the TeamViewer application.

The revelations illustrate the lack of security rigour found inside many critical infrastructure environments.

In January, Microsoft ended support for Windows 7, a move that ended security updates for the operating system. Windows 7 also provides fewer security protections than Windows 10. The lack of a firewall and a password that was the same for each employee are also signs that the department's security regimen wasn't as tight as it could have been.