[SXX]

It should be priority for hosting companies though since leaked credentials and websites hosting malware is a problem.

[Nextgrid]

Shared hosting companies are still exposing cPanel/WHMCS to the outside world. You don't need FTP passwords to pwn this kind of crap.