loading…
A Hewlett-Packard ProLiant commercial data server intended for cloud computing workers assemble at the company’s manufacturing facility in Houston, November 19, 2013. Photo/REUTERS/Donna Carson
WASHINGTON – The United States Department of Defense (US) left three terabytes of internal military email unpassword-protected in Microsoft’s Azure government cloud for more than two weeks.
This shocking news was revealed by security researcher Anurag Sen to TechCrunch on Sunday (19/2/2023).
The vulnerability was finally patched Monday, a day after TechCrunch contacted US Special Operations Command (USSOCOM) to warn of years of sensitive personal data on servers comprising parts of the internal mailbox system freely available for viewing by anyone with the correct IP address. .
The Pentagon confirmed through a senior official Monday that it had passed information from TechCrunch to USSOCOM.
Also read: US Congressman: Biden’s Journey to Kiev Slap Every American in the Face
In addition to internal military email messages, some of which are many years old, the servers contain a great deal of sensitive personnel information, including detailed forms filled out by federal employees applying for security clearances.
The 136-page questionnaire, known as SF-86, was of interest to foreign rivals enough that Washington believes Chinese hackers stole millions from them when breaking into the US Office of Personnel Management.
None of the information on the open server is believed to be private, because USSOCOM’s covert network is not accessible from the internet.
Also read: This Muslim man marries a transgender woman in a Hindu ceremony on Valentine’s Day
It’s not clear why the servers weren’t password protected, though a USSOCOM spokesperson told TechCrunch in an email that, “We can confirm at this time…no one compromised US Special Operations Command’s information systems.”
