An employee at a mid-sized tech firm had automatic photo backup enabled to a personal NAS. The NAS had a public index of /private/DCIM listing. An opportunistic attacker found the listing via Shodan, downloaded 3GB of images, and discovered a photo of a whiteboard containing API credentials.
allow you to map "Private DCIM" folders and sync them to a secure, private cloud without exposing the directory structure to a web indexer. 3. Development (File Indexing APIs) indexofprivatedcim
Contents