developer created a public S3 bucket to share marketing assets. However, the same bucket also contained internal documents. A threat actor found it via a public bucket scanner, downloaded sensitive company roadmaps, and posted them online — triggering an internal investigation and reputation damage.