Pentagon Fixes Glitch That Allowed U.S. Military Emails to Be Spilled Across Web for Weeks

A secure server that allows for The US military Emails had been leaking across the internet for weeks. The problem was resolved on Monday 

According to reports, the exposed server was hosted on Microsoft Azure’s government cloud.https://techcrunch.com/2023/02/21/sensitive-united-states-military-emails-spill-online/”>TechCrunch, “which uses servers that are physically separated from other commercial customers and as such can be used to share sensitive but unclassified government data.”

Three terabytes worth of military emails were stored on the server, which could have been related to US Special Operations Command. According to the site, the server was misconfigured. “without a password,” This allowed emails to be easily accessed by anyone who had internet access and a web browser as long as they were known to the IP address.

One security researcher Anurag SenThe server was discovered by a user last weekend, and he gave TechCrunch the details. TechCrunch then alerted US government.

The server contained military sensitive information and emails that dated back to the past. “years.” One email contained a questionnaire that federal employees used to apply for security clearances. These forms can contain sensitive information that could be used to identify individuals before classified information is released.

The questionnaires hold a “significant amount of background information on security clearance holders valuable to foreign adversaries,” TechCrunch reports. 

In a data breach at the US Office of Personnel Management, Chinese hackers had stolen millions of sensitive background checks files in order to obtain security clearances.

The first time the mailbox server spilled information was two weeks ago on February 8. Although it isn’t known how the mailbox was exposed, it was most likely caused by human error. Monday afternoon was the last day that the server was secured. “When reached by email, a senior Pentagon official confirmed they had passed details of the exposed server to USSOCOM. The server was inaccessible soon after,” TechCrunch reports. 

“We can confirm at this point is no one hacked U.S. Special Operations Command’s information systems,” Ken McGraw, spokesperson for USSOCOM, said that

It is unclear if Sen or anyone else found the server during the two weeks it was available. “TechCrunch asked the Department of Defense if it has the technical ability, such as logs, to detect any evidence of improper access or data exfiltration from the database, but the spokesperson did not say,” Their report concludes.