- Mar 13, 2022
- 599
A government cloud email server was connected to the internet without a password
The U.S. Department of Defense secured an exposed server on Monday that was spilling internal U.S. military emails to the open internet for the past two weeks.
The exposed server was hosted on Microsoft’s Azure government cloud for Department of Defense customers, which uses servers that are physically separated from other commercial customers and as such can be used to share sensitive but unclassified government data. The exposed server was part of an internal mailbox system storing about three terabytes of internal military emails, many pertaining to U.S. Special Operations Command, or USSOCOM, the U.S. military unit tasked with conducting special military operations.
But a misconfiguration left the server without a password, allowing anyone on the internet access to the sensitive mailbox data inside using only a web browser, just by knowing its IP address.
Sensitive US military emails spill online | TechCrunch
A security researcher told TechCrunch that a government server was exposing military emails to the internet because no password was set.
techcrunch.com
Last edited by a moderator: