Yes this is true that a hacker stolen US drone, tank documents for $200 on the dark web. Main reason of information leakage was because of nobody changed the default router password.
1How to avoid these type of attacks?
High-profile hacks like this one will remain common (unless people apply critical security patches and change the default passwords on their devices) and could have lasting consequences. An attacker was able to infiltrate the computer network of a Nevada Air Force base (nobody changed the default password of a Netgear router on its network). Then able to access sensitive documents about the Air Force’s MQ-9 Reaper drone and put them up for sale on a dark web marketplace.
Those sensitive documents were discovered on the dark web marketplace by a security research firm Recorded Future who spoke with the hacker to confirm the validity of documents. They determined the breach took place as a result of a well known Netgear router vulnerability and a default FTP password on that router.