Asus RT-AC68U "AiCloud" FTP file share

Hello, I write this in extreme embarrassment and, if I had a third arm, I would be typing while face-palming at the same time.

In my stupid excitement at exploring the OE firmware on my Asus router, I attached an HDD to get some kind of NAS functionality, all the while with a bad feeling about security nagging at me.

It was set up this way for months, until the security issue nagging at me became too much. I googled around, couldn't believe how open Asus had made it (my firmware version was the one that didn't ask for a password to be set up for FTP) and figured that, despite having changed the router's default password, I was probably pwned within hours of connecting.

So, in the professional opinion of the professionals here: having changed my router's password, but not having put a password in place for the AiCloud function (the option came in a later firmware), how quickly was I pwned, and is it safe to say the data I had on the drive is all over the place now?

Calling on @Eden

The AiCloud function, as far as I know, should only work linked to an Asus account.

As for FTP, was it available from outside the network? Chinese bots might have had access to the files at the very least, if it was enabled to allow anonymous access from outside the network. Not sure about anything else, as I haven't looked closely at their routers. I do have one, though, but don't have access to it.

The data may have been accessed. It's probably good to assume that has happened. Anything else... not sure. It's far less likely anything else has happened, but it depends on whether there were any vulnerabilities in the router at the time.
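A defender-side way to turn "the data may have been accessed" into something checkable is to triage the FTP server's own log for anonymous logins and successful downloads from addresses outside the LAN. The script below is an added example, not code from this thread or from Asus: it assumes a vsftpd-style log line format (the router's real log format is not shown here, so the regex is the part to adapt), treats RFC 1918, loopback and link-local space as "inside", and the log lines it runs on are constructed, with RFC 5737 documentation addresses standing in for public clients.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines in a vsftpd-style format. Assumption: the router's
# real FTP log format is not shown in the thread, so adapt LINE_RE to match yours.
# The public-looking addresses are RFC 5737 documentation ranges used as stand-ins.
SAMPLE_LOG = """\
Tue Mar  4 02:11:07 2014 [pid 1201] [anonymous] OK LOGIN: Client "203.0.113.45"
Tue Mar  4 02:11:09 2014 [pid 1201] [anonymous] OK DOWNLOAD: Client "203.0.113.45", "/sda1/tax/2013_return.pdf", 184233 bytes
Tue Mar  4 08:30:12 2014 [pid 1310] [admin] OK LOGIN: Client "192.168.1.20"
Tue Mar  4 08:31:40 2014 [pid 1310] [admin] OK DOWNLOAD: Client "192.168.1.20", "/sda1/video/rvb_s01e01.mp4", 99328112 bytes
Tue Mar  4 13:02:55 2014 [pid 1422] [anonymous] OK LOGIN: Client "198.51.100.7"
Tue Mar  4 13:03:01 2014 [pid 1422] [anonymous] FAIL DOWNLOAD: Client "198.51.100.7", "/sda1/private/notes.txt", 0 bytes
Tue Mar  4 13:04:10 2014 [pid 1422] [anonymous] OK DOWNLOAD: Client "198.51.100.7", "/sda1/tax/2013_return.pdf", 184233 bytes
"""

# Assumption: the home LAN uses RFC 1918 space; loopback and link-local count as
# "inside" too. Anything else is treated as an external client. (Deliberately not
# using ipaddress.is_private, which also classifies the documentation ranges as private.)
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

LINE_RE = re.compile(
    r'\[pid \d+\] \[(?P<user>[^\]]+)\] (?P<status>OK|FAIL) (?P<action>[A-Z]+): '
    r'Client "(?P<ip>[^"]+)"(?:, "(?P<path>[^"]+)")?')


def is_external(ip: str) -> bool:
    """True if the address is not inside any LAN/local range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in LAN_NETWORKS)


def parse_line(line: str):
    """Return the fields of a recognised log line, or None for lines we don't understand."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def triage(log_text: str) -> dict:
    """Summarise outside access: anonymous logins from external clients and what they fetched."""
    external_logins = defaultdict(int)   # ip -> successful anonymous logins from outside
    downloaded = defaultdict(set)        # ip -> paths successfully downloaded from outside
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Ignore unparsed lines, failed operations, and anything from inside the LAN.
        if rec is None or rec["status"] != "OK" or not is_external(rec["ip"]):
            continue
        if rec["action"] == "LOGIN" and rec["user"] == "anonymous":
            external_logins[rec["ip"]] += 1
        elif rec["action"] == "DOWNLOAD" and rec["path"]:
            # Any account counts here: a completed transfer to an outside address is exposure.
            downloaded[rec["ip"]].add(rec["path"])
    exposed_paths = sorted(set().union(*downloaded.values())) if downloaded else []
    return {
        "external_clients": sorted(set(external_logins) | set(downloaded)),
        "anonymous_logins_external": sum(external_logins.values()),
        "files_downloaded_externally": exposed_paths,
        "exposed": bool(external_logins or downloaded),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("external clients:", report["external_clients"])
    print("anonymous logins from outside:", report["anonymous_logins_external"])
    print("files fetched from outside:")
    for path in report["files_downloaded_externally"]:
        print("  ", path)
```

On the constructed sample this reports two external clients, two anonymous logins from outside, and one file actually transferred out (the failed download is not counted as exposure, and the same file fetched twice is listed once). The honest caveat is that this only answers the question if the router kept its FTP log for the whole exposure window; with no log, the reply's advice to assume the data was accessed is the right default.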

There are a lot of articles that loosely talk about the hack; one is http://www.maximumpc.com/asus-finally-rolls-out-firmware-fix-major-router-vulnerability-2014/

But I've had a really hard time finding the actual details to pull off the hack, to get a better understanding of how low my fruit was hanging, or whether it was moderately hard. I initially had my HDD set up just to be accessible by other items within my network, and that was apparently safe. Then I got frisky and enabled AiCloud and gleefully watched some Red vs. Blue from my HDD on my phone at a restaurant, validating my access-- figuring, "hey, Asus is big, there are securities in place"-- I'm an InfoSec rookie.

I updated my firmware when possible; I had the HDD enabled for remote access before the password fix came out, and for a little while after the password firmware came out. It was dangling out on the internet for over a month, easily.

So I'm curious if anyone here has a more detailed understanding of the particular vulnerability, the various tools people were using to find said routers, how fast and effective they were, etc. I've read on some people's blogs how they opened various services up, be it on purpose (not a honeypot, but wanting to give VoIP to a g/f overseas or something) or for some other random reason, and how extremely quickly their change was found and exploited.

Basically, I'm settling with the feeling that it's safe to say I may have been mentioned in a few hacker forums as, "hey, look what this idiot had on his HDD" (as there was some PII in there, as well as some CompTIA study material, which makes this all that much more ironic).