A US government email server was found without any password security

A laptop showing lots of email notifications
(Image credit: Shutterstock)

A US government email server was discovered online without a proper password to protect its content, essentially leaking sensitive information to anyone who knew where to look. Whether or not anyone really knew where to look - remains to be seen.

The exposed email server was hosted on Microsoft’s Azure government cloud for Department of Defense, allowing it to share sensitive, but still unclassified data.

This service offers servers that are physically disconnected from commercial customers, and was part of an internal mailbox system that held some 3TB of internal military emails, some of which referred to U.S. Special Operations Command (USSOCOM), a military unit running special operations. 

Terabytes of data

However it seems that the servier wasn’t protected with a password, so simply knowing the IP address would be enough to access it, and all of the data it hosted.

This hosted data reportedly included sensitive information such as internal military email messages, personal information and health information on certain government employees, and more. 

The breach was spotted by security researcher Anurag Sen, who tipped off TechCrunch to the news so that it could alert the US government.

TechCrunch said it had seen some of the data hosted on the server and believes them to be unclassified, “which would be consistent with USSOCOM’s civilian network,” it argues. 

The server was first listed as exposed on February 8, but there’s no explanation yet why it happened. 

TechCrunch reached out to USSOCOM shortly after, with the server locked down the following day. 

Responding to an email inquiry, USSOCOM spokesperson Ken McGraw said that the incident was not the result of a hack: “We can confirm at this point is no one hacked U.S. Special Operations Command’s information systems,” said McGraw.

Via: TechCrunch

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Flag of the People's Republic of China overlaid with a technological network of wires and circuits.
One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years
Data leak
Popular online bill paying site leaks data of thousands of users
A person using DeepSeek on their smartphone
DeepSeek security breach - critical databases exposed, more than one million records reportedly leaked
Stress
Time tracker tool spilled details on remote workers - millions of screenshots leaked
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
A top online gift card store may have exposed private data on hundreds of thousands of users
Security
Experts warn millions of email servers could be vulnerable to attack
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Image showing detail of the Leica D-Lux 8
Still can't get a Fujifilm X100VI? This premium Leica compact costs less, and it's in stock