(UnitedVoice.com) – One might expect the US military to have the most secure technology in the world. Apparently, that is not always the case. The Department of Defense is now investigating an email leak.
The Defense Department’s US Special Operations Command (USSOCOM) is investigating after an unsecured server allowed sensitive emails to be exposed online for two weeks. TechCrunch reported a security researcher, Anurag Sen, reached out to the website after discovering the Pentagon’s data was being published online accidentally. The researcher asked Tech Crunch to notify federal authorities about the breach.
According to the website, the server contained internal military emails that went back years. Some of the messages contained sensitive information for military personnel, including a completed SF-86 questionnaire. That is the document federal employees are required to fill out when they need a security clearance. The email server was connected to the internet but was not secured by a password, allowing anyone with the IP Address to access the information.
The U.S. Department of Defense has fixed a misconfigured internet-connected cloud server that for the past two weeks had been left accessible to public view without a password. https://t.co/IQnGn4xQOd
— Anthony DeRosa (@Anthony) February 22, 2023
TechCrunch reached out to USSOCOM on February 19. However, the military server was not secured until the next day, allowing even more time for a bad actor to access the sensitive emails. USSOCOM spokesman Ken McGraw told the website that his agency was able to confirm the leak wasn’t the result of a hack. The spokesperson was asked if the Department of Defense would know if anyone else accessed the data while the server was unsecured, but the official would not respond to the question.
A spokesperson for US Cyber Command issued a statement to The Hill claiming their “defensive cyber operators proactively scan and mitigate the networks they manage.” The official said if an incident is found during the scans, they “fully mitigate, protect, and defend” the networks.
It’s unclear how many military personnel and government officials had their data exposed during the leak.
Copyright 2023, UnitedVoice.com