Personal information of US military exposed on the internet
The United States Government announced that it had a leak of internal emails from the Department of Defense.
According to TechCrunch, this occurred after one of the Pentagon’s servers was left without any protection, which allowed free access to that information.
This server was in Microsoft’s Azure cloud, in a special section for the US agency, which allows it to share confidential, but not classified, government data.
“The exposed server was part of an internal mailbox system that stored around three terabytes of internal military email, much of it belonging to the United States Special Operations Command (USSOCOM), the military unit tasked with conducting special military operations.” , indicated the specialized website.
The cause of the incident
The outlet exposed that the reason why the failure originated in the server was an incorrect configuration, which removed his password. In this way, anyone with internet access could review the confidential information just by knowing the corresponding IP.
“It is not clear how the mailbox data was exposed to the public internet, but it is likely due to misconfiguration caused by human error,” the portal said.
The discovery of the incident was reported by the specialist in the search for confidential data Anurag Sen, who confirmed that the emails, by mistake, are online. In this way, the US authorities could be contacted, who secured the server on Monday, February 20.
Later, USSOCOM spokesman Ken McGraw told the portal that the investigation was continuing, but that they ruled out a hack to the systems.
“We can confirm at this time that no one hacked into the information systems of the United States Special Operations Command,” he said.
What information was exposed?
Among the files made available by the Pentagon server failure were SF-86 questionnaires containing personal and health information on federal employees.
These serve to investigate people before being authorized to handle classified information.
Those documents “contain a significant amount of background information on security clearance holders valuable to foreign adversaries,” TechCrunch said.