Broken or misconfigured access controls can make private parts of a given website public when they’re not supposed to be. They are one of several methods cybercriminals use to breach computer systems.
For example, a website administrator at an online clothing retailer will make certain back-end folders within the website private, i.e. the folders containing sensitive data about customers and their payment information. However, the web admin might forget to make the related sub-folders private as well. While these sub-folders might not be readily apparent to the average user, a cybercriminal using a few well-crafted Google searches could find those misconfigured folders and steal the data contained in them.
Much like a burglar climbing right into a house through an open window, it doesn’t take a lot of skill to pull off this kind of cyberattack.