A DoD email server hosted in the cloud (and now secured) had no password protection in place for at least two weeks.
A US Department of Defense email server hosted on Microsoft Azure's government cloud service reportedly was found wide open to the public Internet for a period of about two weeks before it was properly secured.
According to a report on TechCrunch, a security researcher spotted the email server containing internal US military messages, some with sensitive personal information, including an SF-86 questionnaire that federal workers fill out as part of their security clearance process. It was one of a group of email servers in the US Special Operations Command (USSCOM) but likely on the civilian side, the report said.
The email server appeared to have been misconfigured and was running without password protection. Once TechCrunch alerted USSCOM, the agency fixed the issue. "[W]hat we can confirm at this point is no one hacked US Special Operations Command's information systems," a USSCOM spokesperson told TechCrunch.
About the Author(s)
You May Also Like
Defending Against Today's Threat Landscape with MDR
April 18, 2024The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024