The United States Department of Defense patched the server, which was exposed for two weeks in what could have been a major security lapse for the country.
Anurag Sen, a security researcher, found out about the exposed server and then reported it to TechCrunch and the situation was escalated to the US government officials.
The server consisted of several internal emails dating back several years. Some of the emails contained sensitive personal information and even a complete SF-86 form used by the military to grant security clearance to personnel.
The server was hosted on Microsoft’s Azure cloud for Department of Defense customers, which uses servers separate from other commercial servers. Thus, the officials can share sensitive information here. There were about 3 TB of internal military emails from the United States Special Operations Command (USSCOM). This wing is tasked with conducting special operations.
The first detection was on February 8 by Shodan, a search engine that maps inter-connected devices. It is still unclear how this server got exposed, but it is likely to be caused by a misconfiguration.
“We can confirm at this point is no one hacked U.S. Special Operations Command’s information systems,” said USSCOM spokesperson McGraw in an email to TechCrunch.
It is still not clear how many people have seen the exposed data and what are the effects of the said email leak.
This is not the first time such an incident has happened with the US military servers. Back in 2015, Chinese hackers stole tons of sensitive background files of government employees seeking security clearance from the United States government.
In the News: Xbox PC games are coming to GeForce Now