A recent study conducted by security researcher Himaja Motheram at Censys in April 2026 reveals that nearly 6 million servers are still using the outdated File Transfer Protocol (FTP). While this represents a 40 percent decrease from the 10.1 million servers recorded in 2024, the continued use of FTP poses significant security risks due to insecure default configurations. The report indicates that the main issue is not with purpose-built file transfer systems but rather with default settings on shared hosting networks and broadband providers. Although 58.9 percent of these servers support encrypted connections through Transport Layer Security (TLS), approximately 2.45 million servers still transmit data in cleartext, making them vulnerable to interception. Regional differences in encryption adoption are marked, with mainland China and South Korea displaying the lowest TLS usage rates among the top hosting countries. Japan, on the other hand, is noted for its reliance on outdated encryption protocols such as TLS 1.0 and 1.1. The default settings of software daemons are a major factor in these vulnerabilities. Censys advises organizations to critically assess the necessity of FTP in their operations and consider alternative secure file transfer methods. As the use of FTP gradually decreases, it is crucial for enterprises to address the persistent risk posed by neglected default configurations, which remain the primary vulnerability rather than sophisticated attacks.