The vast majority of users assuredly have an Internet connection they already use with at least one other machine on it, so unless ISPs are handing out another public IP for their NAS, it's almost certainly behind a NAT.
If so, someone simply cracked bad security 6 years out of date and scanned for devices.
Maybe the majority of them aren't so much an "exploit" as they are "easily guessed credentials". The fact that anyone else, anywhere else on the Internet can also use those same credentials to access their data is something that probably few people realise when they set one of these things up.
If so, someone simply cracked bad security 6 years out of date and scanned for devices.
Maybe the majority of them aren't so much an "exploit" as they are "easily guessed credentials". The fact that anyone else, anywhere else on the Internet can also use those same credentials to access their data is something that probably few people realise when they set one of these things up.