All standard users created by Oracle have associated passwords. The two primary DBA accounts, SYS and SYSTEM, have (unfortunately) well-documented passwords. Most break-ins into Oracle databases are through one of these accounts, where the initial passwords provided with the installed systems have never been changed.