Sensitive US military emails spilled online via exposed server
Washington, A cybersecurity researcher discovered an exposed server of the US Department of Defense that was spilling sensitive internal military emails on the Web.
According to a TechCrunch report, security researcher Anurag Sen found the exposed server that “was hosted on Microsoft’s Azure government cloud for Department of Defense customers”.
The US government was alerted about the exposed government cloud email server that was connected to the Internet without a password.
“The exposed server was part of an internal mailbox system storing about three terabytes of internal military emails, many pertaining to US Special Operations Command, or USSOCOM, the US military unit tasked with conducting special military operations,” the report said late on Tuesday.
Anyone could access the sensitive mailbox data inside using only a web browser. A senior Pentagon official confirmed they had passed details of the exposed server to USSOCOM. The server was inaccessible soon after, the report said.
“We can confirm at this point that no one hacked US Special Operations Command’s information systems,” a USSOCOM spokesperson was quoted as saying.
In 2015, suspected Chinese hackers stole millions of sensitive background check files of government employees in a data breach at the US Office of Personnel Management.