What should be secret AWS and API keys were (un)secured with the default password credentials: “admin” as the name, “admin” for a password.

https://nakedsecurity.sophos.com/2018/05/14/2-million-lines-of-source-code-left-exposed-by-phone-company-ee/