-: FOLLOW US :- @theinsaneapp
The U.S. Department of Defense discovered an exposed server that had been leaking internal military emails to the open internet for two weeks.
-: FOLLOW US :- @theinsaneapp
The exposed server was hosted on Microsoft's Azure government cloud for Department of Defense customers.
-: FOLLOW US :- @theinsaneapp
The server was without a password, allowing anyone on the internet access to the sensitive mailbox data inside.
-: FOLLOW US :- @theinsaneapp
The server stored about three terabytes of internal military emails, many of which pertained to U.S. Special Operations Command.
-: FOLLOW US :- @theinsaneapp
Anurag Sen, a security researcher, found the exposed server and alerted TechCrunch, who then notified the U.S. government.
-: FOLLOW US :- @theinsaneapp
The server contained sensitive personnel information, including completed SF-86 questionnaires filled out by federal employees seeking security clearance.
-: FOLLOW US :- @theinsaneapp
None of the data seen by TechCrunch appeared to be classified.
-: FOLLOW US :- @theinsaneapp
The mailbox server was first detected as spilling data on February 8.
-: FOLLOW US :- @theinsaneapp
An investigation is currently underway to determine how the mailbox data became exposed to the public internet.
-: FOLLOW US :- @theinsaneapp
It is unknown if anyone other than Sen found the exposed data during the two-week window that the cloud server was accessible from the internet.