Security researcher Fábio Castro discovered tens of thousands of Django apps that expose sensitive data because developers forget to disable debug mode for the Django app. The researcher found 28,165 apps by querying Shodan for Django installs that have debug mode enabled. The experts discovered server passwords and AWS access tokens that could be used by hackers to gain full control of the systems. “The main reason [for all the exposures] is the main reason. This is not a failure from Django’s side. My recommendation is to disable debug mode when deploying the application to production.”
Source: https://securityaffairs.co/wordpress/70869/hacking/django-apps-misconfigured.html
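
A pre-deployment check in the spirit of the recommendation above, as an added example that is not from the original article or the Django project: it parses a settings module with Python's `ast` and reports how `DEBUG` is set. The sample settings strings and the function names are constructed for illustration.

```python
import ast

# Constructed sample settings modules (not taken from any real project).
RISKY_SETTINGS = '''
SECRET_KEY = "placeholder"
DEBUG = True
'''
HARDENED_SETTINGS = "DEBUG = False\n"
ENV_DRIVEN_SETTINGS = '''
import os
DEBUG = os.environ.get("DJANGO_DEBUG", "") == "1"
'''


def debug_assignments(source):
    """Return (line, verdict) for every module-level assignment to DEBUG."""
    findings = []
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        if not any(isinstance(t, ast.Name) and t.id == "DEBUG" for t in targets):
            continue
        if isinstance(value, ast.Constant):
            verdict = "enabled" if value.value else "disabled"
        else:
            verdict = "dynamic"  # computed at runtime; needs manual review
        findings.append((node.lineno, verdict))
    return findings


def deploy_verdict(source):
    """Classify a settings module by its last DEBUG assignment."""
    findings = debug_assignments(source)
    # Django's built-in default for DEBUG is False when it is never set.
    return findings[-1][1] if findings else "disabled"


if __name__ == "__main__":
    for name, src in [("risky", RISKY_SETTINGS), ("hardened", HARDENED_SETTINGS),
                      ("env-driven", ENV_DRIVEN_SETTINGS)]:
        print(name, deploy_verdict(src), debug_assignments(src))
```

The check only sees assignments in the file it is given; a value pulled in through `from .base import *` has to be checked in the module that defines it.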

