A US government email server has been detected online without the correct password (opens in a new tab) protect its contents by essentially disclosing sensitive information to anyone who knew where to look for it. Did anyone really know where to look – it remains to be seen.
The exposed email server was hosted on Microsoft’s government-owned Azure cloud for the Department of Defense, allowing sensitive but still unclassified data to be shared.
This service offers servers that are physically disconnected from commercial customers and was part of an internal mailbox system that contained approximately 3 TB of internal military emails, some of which related to the United States Special Operations Command (USSOCOM), a military special operations.
Terabytes of data
However, it seems that the server was not password protected, so you only need to know the IP address to access it and all the data stored on it.
This hosted data reportedly contained sensitive information such as internal military emails, personal information and health information about certain government employees, and more.
The breach was spotted by security researcher Anurag Sen, who notified TechCrunch of the news so it could alert the US government.
TechCrunch said it has seen some data hosted on the server and believes it is unclassified, “which would be consistent with the civilian USSOCOM network,” it argues.
The server was first listed as being leaked on February 8, but there’s no explanation yet as to why this happened.
Soon after, TechCrunch contacted USSOCOM, and the server was locked down the next day.
Responding to an email inquiry, USSOCOM spokesman Ken McGraw said the incident was not the result of a hack: “We can confirm that no one has hacked into US Special Operations Command information systems at this point in time,” McGraw said.
By: TechCrunch (opens in a new tab)