Have you left the door wide open?


Something that I see all too often: seriously misconfigured servers hosting Magento websites.

In a Magento installation, there are only a small number of files that are designed to be publicly accessible. The vast majority of the files and folders are certainly not meant to be accessible and some of these folders can contain highly sensitive information such as database backups containing customer information. On a badly configured server, these private filesystem locations can end up being publicly accessible and easy to access via the web browser.

In this world of GDPR and general anxiety about privacy and data controls, how sad is it to see that certain companies have unwittingly left their precious customer data open for the world to gain access to by simply accessing the correct subfolder on their website?


Why is this happening?

Simply enough, the server hosting Magento has been configured badly. The solution to this is to correctly configure the webserver. Follow these official docs:

https://devdocs.magento.com/guides/v2.4/install-gde/tutorials/change-docroot-to-pub.html
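
A quick way to audit your own web server config for this mistake, as an added example (not code from this article or from the Magento docs): it reads nginx or Apache config text and flags any document root that is not the `pub` directory. The sample configs, the host name, the `/var/www/magento2` path, the `$MAGE_ROOT` variable and the function names are all assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed sample configs; host name, paths and $MAGE_ROOT are assumptions.
NGINX_BAD = """
server {
    server_name shop.example.test;
    set $MAGE_ROOT /var/www/magento2;
    root $MAGE_ROOT;
}
"""
NGINX_GOOD = NGINX_BAD.replace("root $MAGE_ROOT;", "root $MAGE_ROOT/pub;")
APACHE_BAD = """
<VirtualHost *:80>
    ServerName shop.example.test
    DocumentRoot "/var/www/magento2"
</VirtualHost>
"""

def find_docroots(conf):
    """Return the document roots declared in nginx or Apache config text."""
    # Collect nginx `set $name value;` so `root $name/pub;` can be resolved.
    variables = {k: v.strip() for k, v in
                 re.findall(r'^\s*set\s+\$(\w+)\s+([^;]+);', conf, re.M)}
    pattern = r'^\s*(?:root\s+([^;#]+);|DocumentRoot\s+"?([^"\s#]+)"?)'
    roots = []
    for m in re.finditer(pattern, conf, re.M):
        raw = (m.group(1) or m.group(2)).strip().strip('"')
        roots.append(re.sub(r'\$(\w+)',
                            lambda v: variables.get(v.group(1), v.group(0)), raw))
    return roots

def audit(conf, magento_root):
    """Classify each docroot: 'ok' only when it is pub/ or below it."""
    mage = PurePosixPath(magento_root)
    pub = mage / "pub"
    findings = []
    for root in find_docroots(conf):
        p = PurePosixPath(root)
        if p == pub or pub in p.parents:
            verdict = "ok"
        elif p == mage or p in mage.parents or mage in p.parents:
            verdict = "exposed"  # non-public Magento folders served over HTTP
        else:
            verdict = "unrelated"  # not a Magento docroot
        findings.append((root, verdict))
    return findings

if __name__ == "__main__":
    for name, conf in [("nginx bad", NGINX_BAD), ("nginx good", NGINX_GOOD),
                       ("apache bad", APACHE_BAD)]:
        print(name, audit(conf, "/var/www/magento2"))
```
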

The other thing you should probably be doing? Hire a decent professional Magento team with proper expertise and a commitment to best practice. It doesn't have to be Edmonds Commerce, though of course I can recommend that as a good option.




