The exposed server was hosted on Microsoft's Azure government cloud, reports TechCrunch, "which uses servers that are physically separated from other commercial customers and as such can be used to share sensitive but unclassified government data."
The server contained roughly three terabytes of military emails which may have pertained to US Special Operations Command. The site reports that a misconfiguration left the server "without a password," which allowed the emails to be easily accessible by anyone with internet access with just a web browser, so long as the IP address was known.
One security researcher, Anurag Sen, found the server last weekend and gave the details to TechCrunch, which then alerted the US government.
The server contained sensitive military information and email messages which dated back "years." One email included a filled-out questionnaire that federal employees use to seek security clearances. Those forms contain sensitive individual information before they are cleared to handle classified information.
The questionnaires hold a "significant amount of background information on security clearance holders valuable to foreign adversaries," TechCrunch reports.
Chinese hackers had previously stole millions of sensitive background check files seeking security clearances in a data breach of the US Office of Personnel Management.
The mailbox server was first detected spilling information two weeks ago, on February 8. It is not known how the mailbox became exposed, but it was likely due to human error. The server was not secured until Monday afternoon. "When reached by email, a senior Pentagon official confirmed they had passed details of the exposed server to USSOCOM. The server was inaccessible soon after," TechCrunch reports.
“We can confirm at this point is no one hacked U.S. Special Operations Command’s information systems,” said USSOCOM spokesperson Ken McGraw.
It is not clear whether or not anyone other than Sen found the server in the two weeks that it was accessible. "TechCrunch asked the Department of Defense if it has the technical ability, such as logs, to detect any evidence of improper access or data exfiltration from the database, but the spokesperson did not say," their report concludes.
Join and support independent free thinkers!
We’re independent and can’t be cancelled. The establishment media is increasingly dedicated to divisive cancel culture, corporate wokeism, and political correctness, all while covering up corruption from the corridors of power. The need for fact-based journalism and thoughtful analysis has never been greater. When you support The Post Millennial, you support freedom of the press at a time when it's under direct attack. Join the ranks of independent, free thinkers by supporting us today for as little as $1.
Remind me next month