more than a petabyte of stored data is accessible to anyone online with the knowledge of where and how to look for it.
(Readable sites and login-credentials) picts or it didn't happen.
On an on-topic item: I, too, worked for a company where the SOP was to run a NAS with over 12PB of storage and the default credentials were used "for support reasons." For the rounding-off-error area of 40TB I controlled I was finally able to extract a concession and change a single character of the password: an "o" to a "0".
At least it wasn't accessible on the internet. And that change kept anyone internally from logging into my section on the first try.