A quick search on Shodan, a search engine for devices and services, revealed 2,284 etcd servers that were directly accessible from the internet through their RESTful APIs.
“I clicked a few and on the third try I saw what I was hoping not to see,” Collazo said in a blog post. “CREDENTIALS, a lot of CREDENTIALS. Credentials for things like cms_admin, mysql_root, Postgres, etc.”