This used to be just sloppy configuration but not these days
In the past this sort of thing would be down to sloppy configuration by a sysadmin, ie leaving the management interfaces exposed to the world as there's no reason why everyone & his dog needs access to them, but then I've seen so many so called cloud providers doing this without the option to lock it down it's surprising these don't happen more often.
That said I've known one person over the years who wanted to expose MS sql server to the world because 'it was easier'