Millions of sensitive US military emails have been mistakenly sent to the wrong email address in Mali, a country allied with Russia, due to an embarrassing typo.
The emails, including highly sensitive information such as diplomatic documents, tax returns, passwords, and travel details of top officers, were sent to a company managing Mali’s internet domain. The mistake occurs when people mistakenly type .ML instead of .MIL, the suffix for all US military email addresses, reported Financial Times.
Experts have warned about this typo for over a decade, and the problem was first identified by Johannes Zurrbier, a Dutch internet entrepreneur who manages Mali’s country domain. Zuurbier has been collecting misdirected emails since January and has accumulated nearly 117,000 misdirected messages. He sent a letter to the US in early July, emphasising the risk and the potential exploitation of the situation by adversaries of the US.
The issue gained significance as control of the .ML domain is set to revert from Zuurbier to Mali’s government, closely aligned with Russia. This means that Maian authorities will have access to the misdirected emails. The leaking of sensitive military information raises concerns about the data’s scale, duration, and sensitivity, prompting calls for increased security measures.
Zuurbier had noticed the leaks when he took over the country domain code in 2013 and observed requests for non-existent domains like army.nl and navy.ml. Realising something was amiss, he set up a system to catch the correspondence but was quickly overwhelmed.
In February, it was reported that sensitive emails of the United States Department of Defense got leaked due to an exposed server. Although no major information was leaked, it could easily have been a major security lapse for the country.
In 2015, Chinese hackers stole tons of sensitive background files of government employees seeking security clearance from the United States government.
In the News: Norway temporarily bans Meta from tracking users for ads
