Half of the 6 Million Internet-Facing FTP Servers Lack Encryption

Approximately 6 million internet-accessible systems are using FTP today, and almost half of them do not use encryption, a fresh Censys report shows.

In use for more than half a century, FTP uses a client-server model architecture to facilitate the transfer of files and folders between computers.

Unlike modern protocols, however, FTP transmits data unencrypted and has been deemed insecure for years. Its continued use exposes enterprises and end users alike to avoidable risks.

The number of hosts running an internet-facing FTP service has dropped by 40% since 2024 (from 10.1 million to 5.94 million), but the protocol still accounts for 2.72% of all internet-visible systems, Censys says.

Also alarming is the fact that 2.45 million of the observed FTP services show no evidence of encryption. With no observed TLS handshake, these servers either lack support for encryption, were not upgraded, or did not complete a ...