A for your specific MikroTik model.
Newer versions prioritize or mandate .backup file encryption using AES.
If you suspect you were running unpatched firmware while exposed to the public internet:
When using /system backup save , always specify password=your_secure_string .
Modern RouterOS versions use stronger hashing algorithms, making "brute-forcing" a stolen backup significantly harder.
Look for unknown accounts in /user print .
Sensitive data is now often excluded from plain-text .rsc exports unless specifically requested with a sensitive-data flag. How to Secure Your Backups Today