DOD Leaves Confidential Information Exposed On Server For Weeks

Holland McKinnie Published: February 24, 2023

Like Freedom Press? Get news that you don't want to miss delivered directly to your inbox

Reports have surfaced this week that the U.S. Department of Defense (DOD) left a server containing three terabytes of sensitive internal military emails exposed online without a password for two weeks due to a misconfiguration. The vulnerability would have allowed any person with internet access to access all of the mailbox data if they knew the server’s IP address.

An independent cybersecurity researcher discovered the open server, and after alerting the DOD, the server was reportedly secured by Monday afternoon.

The server was hosted on Microsoft’s Azure government cloud, which is used by DOD customers and contained highly sensitive personnel information, including a security clearance questionnaire that could be valuable to foreign adversaries. The form seeks personal and confidential information, including Social Security numbers, birthdates, addresses, and other identifying information about personal references provided for security clearances.

Breaking: The U.S. Department of Defense secured an exposed server on Monday that was spilling terabytes of internal U.S. military emails to the internet for two weeks. The server wasn't protected with a password, a security researcher told TechCrunch.https://t.co/ACgBIUWrtL
— Zack Whittaker (@zackwhittaker) February 21, 2023

Most of the emails contained in the mailbox were from the U.S. Special Operations Command, a military command responsible for conducting special operations missions worldwide. The mailbox server was first detected as spilling data on February 8. The leak is believed to be due to human error. The data contained in the mailbox was apparently not classified, as “classified servers” are not connected to the open internet for obvious security reasons.

In 2015, Chinese hackers stole millions of sensitive background check files of government employees who sought security clearance in a data breach in the U.S. Office of Personnel Management.

A senior U.S. defense official confirmed with Fox News that the server was left exposed and allowed internal emails to be accessed. However, it is unclear if anyone accessed the data during the two-week window that the server was accessible from the internet. Reporters with TechCrunch asked the DOD if they could view logs or detect improper access. A spokesperson for the department was unable to provide a specific answer.

U.S. Special Operations Command spokesperson Ken McGraw stated that an investigation had begun. Still, there is no evidence that anyone had hacked USSOCOM’s information systems.

DOD was very fortunate in avoiding a highly damaging security breach. The data exposure could have been disastrous, considering the years of personnel information left unprotected for an extended period.

Tags:Biden's America Editor's picks

Putin Suspends Participation In START Treaty, Hammers Western Decadence

Doctors Sue FDA For Blocking Ivermectin Treatments For COVID-19

DOD Leaves Confidential Information Exposed On Server For Weeks

You may like

Trending

All Of Biden Family’s Returned Rental Cars Go Up In Flames

Obama Won’t Commit To Search For Possible Classified Docs

Project Veritas Reveals ‘Illegal Electioneering’ For John Fetterman

Jill Biden Waves As Stadium Crowd Chants Against Her

Hochul Sings New Tune After Banishing Republicans From NY

Biden Admin Promotes Pandemic-Style Lockdowns To Save Environment

J6 Prison Choir’s Song Featuring Trump Soars To Number One On iTunes

Smash-And-Grab Robbery Next To Marine Recruiting Office Ends Badly For Robbers

Swalwell Spent $583K In Campaign Funds On Yachts, Resorts and Limos

Dead Animals Fill Forests Around East Palestine Train Derailment

DOJ Misstates Facts Of Paul Pelosi Assault

Youngkin Blocks Chinese-Operated Battery Plant Planned For Virginia

China Demands US Return Equipment Recovered From Downed Balloon