Much of the data, which wasn’t even password protected, pertained to the US Special Operations Command
The US Defense Department left three terabytes of internal military emails unprotected by so much as a password on Microsoft’s Azure government cloud for more than two weeks, security researcher Anurag Sen revealed to TechCrunch on Sunday.
The vulnerability was finally patched on Monday, a day after the outlet contacted US Special Operations Command (USSOCOM) to alert it that years of sensitive personal data on a server comprising part of an internal mailbox system was freely available to view for anyone who had the right IP address. The Pentagon confirmed via a senior official on Monday that it had passed the information from TechCrunch on to USSOCOM.
In addition to internal military email messages, some of which were years old, the server contained plenty of sensitive personnel information, including the detailed forms filled out by federal employees applying for security clearances. These 136-page questionnaires, known as SF-86, are desirable enough to foreign rivals that Washington believes Chinese hackers stole millions of them upon breaking into the US Office of Personnel Management.
None of the information on the exposed server was believed to be classified, as USSOCOM’s classified networks are not accessible from the internet.
It was unclear why the server was not password-protected, though a spokesman for USSOCOM told TechCrunch in an email that “We can confirm at this point…no one hacked US Special Operations Command’s information systems.”
The spokesman did not answer when asked if the Defense Department kept logs that would show who besides Sen might have accessed the sensitive data, but said that an investigation into the vulnerability had been opened on Monday.
The server was first observed to be spilling data on February 8, according to a listing on Shodan, a search engine for exposed systems and databases, cited by the outlet.
Last month, a Swiss hacker claimed to have come across a copy of the US Transportation Security Administration’s ‘no-fly’ list on an unsecured server belonging to US regional and commuter airline CommuteAir.
RT (Russia Today) is a state-owned news organization funded by the Russian government. The information provided by this news source is being included by the Libertarian Hub not as an endorsement of the Russian government, but rather because it is being actively censored by Big Tech, Western governments and the corporate press. During times of conflict it is imperative that we have access to both sides of the story so we can form our own opinions, even if both sides are spewing their own propaganda. The censorship of RT, despite likely being a propaganda outfit for the Russian government, reduces our ability to hear one side of the conflict. For that reason, the Libertarian Hub will temporarily republish the RSS feed from RT. Visit https://rt.com
