If you are an end-user or system administrator:

Treat any Soyal ZIP backup as a sensitive credential store — not a mere configuration file.

In 2022, a penetration test of a Southeast Asian bank found Soyal backup ZIPs on an exposed SMB share with password soyal123 – leading to cloning of 2000+ access cards.