Skip to content

Typo error results in leaked Pentagon messages to Mali

  • by
  • 2 min read

Millions of sensitive US military emails have been mistakenly sent to the wrong email address in Mali, a country allied with Russia, due to an embarrassing typo.

The emails, including highly sensitive information such as diplomatic documents, tax returns, passwords, and travel details of top officers, were sent to a company managing Mali’s internet domain. The mistake occurs when people mistakenly type .ML instead of .MIL, the suffix for all US military email addresses, reported Financial Times.

Experts have warned about this typo for over a decade, and the problem was first identified by Johannes Zurrbier, a Dutch internet entrepreneur who manages Mali’s country domain. Zuurbier has been collecting misdirected emails since January and has accumulated nearly 117,000 misdirected messages. He sent a letter to the US in early July, emphasising the risk and the potential exploitation of the situation by adversaries of the US.

The typo error was in the top-level domain (TLD).

The issue gained significance as control of the .ML domain is set to revert from Zuurbier to Mali’s government, closely aligned with Russia. This means that Maian authorities will have access to the misdirected emails. The leaking of sensitive military information raises concerns about the data’s scale, duration, and sensitivity, prompting calls for increased security measures.

Zuurbier had noticed the leaks when he took over the country domain code in 2013 and observed requests for non-existent domains like and Realising something was amiss, he set up a system to catch the correspondence but was quickly overwhelmed.

In February, it was reported that sensitive emails of the United States Department of Defense got leaked due to an exposed server. Although no major information was leaked, it could easily have been a major security lapse for the country.

In 2015, Chinese hackers stole tons of sensitive background files of government employees seeking security clearance from the United States government.

In the News: Norway temporarily bans Meta from tracking users for ads


Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: [email protected]