Two "unusual, open ports (8123 & 9000) that led to the exposed database" were not hard to find.
"In some cases, the actor may be restricted or detected by advanced defense-in-depth and zero trust implementations as well, but this has been a rare finding in assessments thus far"
"If you open a service to the world, at least use decent authorization and authentication"