What We Discovered On a North Korean Server Part 1

2025-06-16 NKInternet

https://nkinternet.wordpress.com/2025/06/16/what-we-discovered-on-a-north-korean-server-part-1/


An exposed ownCloud instance at cloud.star.net.kp, resolving to 175.45.176.31, revealed user files and server logs from North Korean-hosted infrastructure. The accessible /data directory exposed files for each user and logs showing activity from RFC-1918 addresses that suggested internal North Korean logins, alongside external access through other ASNs. Failed login attempts reused valid usernames and a shared test user-agent, while some access involved ExpressVPN and VPN Gate infrastructure. The exposure provides rare visibility into DPRK server administration, access patterns, and data-handling failures rather than documenting a conventional intrusion campaign.
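Detection logic for the access pattern the summary describes (source addresses split into RFC 1918 versus external ranges, and failed logins that cycle through known-valid usernames behind one shared user-agent), as an added example written for this page rather than code from the report; the log format, field names, usernames and sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in an assumed, simplified access-log format
# (not ownCloud's real layout): <timestamp> <src_ip> <user> <result> "<user-agent>"
SAMPLE_LOG = """\
2025-06-01T08:02:11Z 10.76.1.15 userA login_ok "Mozilla/5.0 (Windows NT 10.0)"
2025-06-01T08:05:40Z 10.76.1.15 userA login_ok "Mozilla/5.0 (Windows NT 10.0)"
2025-06-01T09:14:03Z 203.0.113.45 userA login_failed "TestAgent/1.0"
2025-06-01T09:14:05Z 203.0.113.45 userB login_failed "TestAgent/1.0"
2025-06-01T09:14:07Z 203.0.113.45 userC login_failed "TestAgent/1.0"
2025-06-01T10:30:00Z 198.51.100.7 userB login_ok "ownCloud-Desktop/4.2"
"""
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(log_text):
    """One dict per well-formed line; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, ip, user, result, ua = m.groups()
            events.append({"ts": ts, "ip": ip, "user": user,
                           "result": result, "ua": ua})
    return events

def classify_sources(events):
    """Map each source IP to 'rfc1918' (internal range) or 'external'."""
    return {e["ip"]: ("rfc1918" if any(ipaddress.ip_address(e["ip"]) in n
                                      for n in RFC1918) else "external")
            for e in events}

def shared_ua_failures(events, min_users=2):
    """Failed logins grouped by user-agent; keep agents that tried several
    usernames and note which of those are known-valid (have a login_ok)."""
    valid = {e["user"] for e in events if e["result"] == "login_ok"}
    by_ua = defaultdict(lambda: {"users": set(), "sources": set()})
    for e in events:
        if e["result"] == "login_failed":
            by_ua[e["ua"]]["users"].add(e["user"])
            by_ua[e["ua"]]["sources"].add(e["ip"])
    return {ua: {"users": sorted(d["users"]),
                 "valid_users": sorted(d["users"] & valid),
                 "sources": sorted(d["sources"])}
            for ua, d in by_ua.items() if len(d["users"]) >= min_users}

if __name__ == "__main__":
    print(classify_sources(parse(SAMPLE_LOG)), shared_ua_failures(parse(SAMPLE_LOG)))
```

An agent that fails against several usernames all of which also have successful logins elsewhere is the signal worth alerting on, since it implies the username list was already known to the client.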

Indicators of Compromise

Type     Value               First Seen   Last Seen
DOMAIN   star-co.net         2014-08-27   2026-03-10
DOMAIN   silibank.net        2014-08-27   2026-01-27
EMAIL    [email protected]   2025-06-16   2025-06-16
EMAIL    [email protected]   2025-06-16   2025-06-16
EMAIL    [email protected]   2025-06-16   2025-06-16
EMAIL    [email protected]   2025-06-16   2025-06-16
DOMAIN   cloud.star.net      2025-06-16   2025-06-16
IPv4     175.45.176.31       2025-06-16   2025-06-16
