Security credentials and password information that could potentially yield access to sensitive Department of Defense military documents were among the 60,000 files found on an unsecured Amazon cloud server used by government contractor Booz Allen Hamilton, according to a Gizmodo report.
UpGuard cyber risk analyst Chris Vickery made the discovery of the unsecured documents, which contained a number of references to the DoD's combat support and intelligence agency US National Geospatial-Intelligence Agency (NGA). No passwords were needed to access the publicly exposed information, according to the report.
Although the NGA stressed that no classified information had been disclosed in the incident, the information could have provided a potential path for attackers to obtain highly sensitive data. An attacker could have found not only passwords to US government systems that store sensitive information, but unencrypted passwords for at least six government contractors who had a high-level of security clearance.
The documents also contained security credentials for a Booz Allen lead senior engineer, which would have provided his private SSH keys, according to the report.
Read more about the NGA incident here.