Having a top-of-the-line security system to protect government documents is essential, especially as hackers are developing new techniques on getting around passwords. It was recently discovered that a United States government email server didn’t have a proper password protection in place.
What this essentially means is that the department was leaking sensitive information to anyone who knew where to look, potentially exposing emails, documents and other important info to the wrong people.
Apparently, the exposed email server was hosted on Microsoft’s Azure government cloud for the Department of Defense, allowing it to share sensitive, but still unclassified data. It was part of an internal mailbox system that held around 3TB of internal military emails, some of which were in relation to U.S. Special Operations Command (USSOCOM), a military unit running special operations.
It was discovered that the server wasn’t password protected and as long as anyone knew the IP address, they would be able to easily access the data hosted. This includes information about internal military email messages, personal information and health information on certain government employees, along with other sensitive information.
The breach was spotted by security researcher Anurag Sen, who tipped off a news agency so they could alert the US government. TechCrunch, the news agency that was given the information, said it had seen some of the data hosted on the server and believes them to be unclassified, “which would be consistent with USSOCOM’s civilian network.”
USSOCOM spokesperson Ken McGraw did respond to the allegations, saying that the incident was not the result of a hack. “We can confirm at this point is no one hacked U.S. Special Operations Command’s information systems,” McGraw said.
Source: https://techcrunch.com/2023/02/21/sensitive-united-states-military-emails-spill-online/