Wouldn't shock me if a router target list were compiled by Google, if not them being the vector of implementation. For a time there Google was Wardriving, then they got caught but ultimately didn't give a shit because their phones by default "phone home" with people's Wifi data anyway.
Regardless, most people are nowhere near tech savvy enough, nor motivated, to implement even rudimentary security measures to prevent this kind of thing. So even if not Google, that commonly left @default router login info has always implied the eventuality of a disastrous setup like this. All a group would have to do is get a coordinated and distributed group of Wardrivers.
www.theguardian.com/technology/2010/may/15/google-admits-storing-private-data
www.pcworld.com/article/205062/After_Google_Incident_WiFi_Data_Collection_Goes_on.html
http://wardriving.com/
www.csmonitor.com/World/Passcode/2015/1202/Your-Internet-router-is-a-security-risk.-Here-s-why