: When a server is misconfigured, it may publicly list all files, such as backup logs or text files containing user data.

In 2019, Facebook (now Meta) admitted to a major internal security failure where hundreds of millions of user passwords were stored in (unencrypted) on internal servers.

Facebook Stored Millions Of User Passwords In Plain, Readable Text

The phrase uses a search operator to look for "Index of/" pages, which are web server directories that display their contents because a default index file (like index.html ) is missing.

: Hackers use this to find "auth_user_file.txt" or other plain-text files that might contain login info for users who use the same password on multiple sites. The Plaintext Password Controversy