Article that came out yesterday:  Bleeping Computer - Tens of Thousands of Defaced MikroTik and Ubiquiti Routers Available Online. Quick article summary is that the compromised routers were a mix of exploits from old firmware or users leaving the default credentials in place.  The hacks then change usernames or hostnames to say "hacked" or "malicious FTP server."  The more serious hacks lock out the owner by changing the admin password as well.

This was interesting to me because it has a lot of similarities to the various DVR hacks that rename all cameras to "hacked."  The payload the hack delivered could have been much worse since admin access to a router would let the hacker set up a VPN to the network, join a botnet, etc.  Instead they are just sending a warning (albeit an obnoxious one) to the owner to lock down their gear.

I like both MikroTik and Ubiquiti as they are a great mix of pro features and consumer pricing, and I think a lot of security integrators here use them as well.  But this article is another great example of why updating to the latest firmware and resetting the default credentials are required for anything facing the Internet.