This past weekend, cybersecurity researcher Anurag Sen identified an exposed cloud email server belonging to the U.S. military.
The server had been leaking internal U.S. military emails to the open internet over the past two weeks.
A misconfiguration affecting a Department of Defense (DoD) server hosted on Microsoft Azure’s government cloud for DoD customers enabled passwordless entry, which allowed anyone on the internet to access mailbox data solely by using the server’s IP address via a web browser.
- The U.S. government was notified of the vulnerability and has secured the exposed server.
- The server contained internal military emails, some of which had highly sensitive personal and health information. Among the exposed files was a completed SF-86 questionnaire.
- United States Special Operations Command (USSOCOM) spokesperson Ken McGraw shared that an investigation will be conducted and confirmed that “no one hacked U.S. Special Operations Command’s information systems.”
