Roughly 6 millions systems still expose FTP services to the internet and half lack encryption.

A Censys report found that roughly 6 million systems still expose FTP services to the internet, and about half show no evidence of encryption. Although FTP usage has declined by 40% since 2024, 2.45 million servers still transmit data without observed TLS protection. Many of these systems belong to major hosting providers, and millions run outdated or unencrypted FTP daemons such as Pure‑FTPd, ProFTPD, and IIS FTP.

Read more:

https://www.securityweek.com/half-of-the-6-million-internet-facing-ftp-servers-lack-encryption/