Free Laundry? A Student Hack Shut Down an Amsterdam Dorm’s Washing Machines

by ddos · September 14, 2025

An unusual incident unfolded at the Spinoza campus in Amsterdam: an unknown intruder hacked into the digital payment system of five washing machines. For several weeks, students were able to use the machines free of charge, until the summer when Duwo, the company responsible for student housing, shut down access to the laundry facilities. Since then, more than 1,200 residents have been left without the ability to wash their clothes on campus.

Duwo explained that it could not shoulder the expenses on behalf of the students: the funds collected from paid washes are necessary to maintain the equipment and keep rates affordable. Once the breach was discovered, access to the machines was completely blocked. The perpetrator has not been identified, and the case is the first of its kind among Dutch housing corporations.

Students have been forced to rely on ten old, mechanically operated washing machines in a nearby building. However, these machines frequently break down under heavy use, leaving at times only a single unit functioning for the entire community. Residents complain of long queues, with some voicing concerns about unsanitary conditions. Others note that the heat in the dormitories is far more unbearable, while a few admit they always preferred the older laundry room, where more machines are available and waiting times are shorter.

Cybersecurity specialist Sijmen Ruwhof explained that hacking “smart” household appliances is a growing trend. Internet-connected washing machines or televisions can be hijacked using simple laptop software. Compromised devices can not only perform free washes but also be conscripted into cyberattacks: linked into a botnet, they can overwhelm major websites with floods of requests. In Ruwhof’s view, the culprits in this case were likely students themselves, possessing programming skills and treating the attack as both a challenge and a means of proving their abilities.

The legal consequences, however, are severe: unauthorized access to such devices can result in up to one year of imprisonment, while cases involving theft can lead to sentences of up to six years. Ruwhof advises students to report vulnerabilities rather than exploit them for personal use, as courts will regard such actions as criminal.

Duwo has since announced plans to switch entirely to traditional machines without digital modules in order to prevent similar incidents. According to Ruwhof, abandoning “smart” appliances in communal spaces is a justified step, as it reduces the risk of data leaks and eliminates opportunities for exploitation. He emphasized that even seasoned professionals can be tempted to probe such devices for weaknesses.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal