Sensitive military emails leaked online after DOD left server exposed without password

News & Politics

A Department of Defense server hosting sensitive internal military emails was left exposed online without a password for two weeks due to a misconfiguration, TechCrunch reported.

The outlet explained that anyone with internet access and knowledge of the server’s IP address would have been able to view the sensitive mailbox data.

The Pentagon’s exposed server, hosted on Microsoft’s Azure government cloud used by DOD customers, contained three terabytes of sensitive internal military emails with years of personnel information. Most of the emails pertained to U.S. Special Operations Command, a military command responsible for conducting special operations missions worldwide.

At least one exposed email included a security clearance questionnaire containing a federal employee’s highly sensitive personal and health information. The outlet explained that sensitive employee background information could be valuable to foreign adversaries.

You Might Like

TechCrunch noted that none of the data appeared to be classified, which is consistent with USSOCOM’s civilian network. Classified servers are not connected to the internet to ensure security.

The open server was discovered by an independent cybersecurity researcher, Anurag Sen, who was running vulnerability tests over the weekend. TechCrunch estimated that the leak occurred as early as February 8 and likely resulted from human error. After alerting the DOD on Sunday, a senior Pentagon official confirmed that the information was passed along to USSOCOM, and the agency secured the server by Monday afternoon.

U.S. Special Operations Command spokesperson Ken McGraw told the news outlet, “We can confirm at this point … no one hacked U.S. Special Operations Command’s information systems.” He noted that DOD launched an investigation on Monday into what caused the error.

At this time, it is unclear if anyone other than the security researcher who reported the issue accessed the sensitive data during that two-week timeframe. A DOD spokesperson did not specify if the agency has the ability to view logs or detect improper access.

KOMO-TV reported that a USSOCOM spokesperson declined to provide additional details regarding the open server and noted that the DOD’s Cyber Command would address questions going forward. Cyber Command has not yet responded to a request for comment, the outlet noted.

Like Blaze News? Bypass the censors, sign up for our newsletters, and get stories like this direct to your inbox. Sign up here!

Articles You May Like

When an electric vehicle crashes, even in a minor accident, insurance companies junk the entire car because its battery has to be tossed
VIDEO: Chocolate factory explodes; 1 pulled alive from rubble, 5 missing, at least 2 dead
Shoot to Kill: Nashville Police Teach Country’s Police How to Handle School Shootings
DHS secretary says he would support an assault weapons ban, then fails to deliver a definition of ‘assault weapon’
Gun jam thwarts robbery attempt at grandmother’s food truck in Houston. She pulled out her own gun and killed the suspect.

Leave a Comment - No Links Allowed:

Your email address will not be published. Required fields are marked *