Pentagon server leaked sensitive internal military emails for two weeks

The U.S. Department of Defense found an exposed server on Monday that had been leaking sensitive internal military emails to the internet for almost two weeks, a senior defense official confirmed. 

The U.S. military’s Special Operations Command (SOCOM) “initiated an investigation into information we were provided about a potential issue with the command’s Cloud service,” said the agency’s spokesperson Ken McGraw. 

“The only other information we can confirm at this point is no one has hacked US Special Operations Command’s information systems,” McGraw said.

The three terabytes of data that was leaked included information and emails dating back years about U.S. military contracts, sensitive personnel information, and requests by Department of Defense employees. 

One of the files that was exposed included completed SF-86 questionnaires, which is a form that is filed out by employees who seek to obtain a security clearance.

The form includes personal information such as social security number and personal address. 

“The exposed server was hosted on Microsoft’s Azure government cloud for Department of Defense customers, which uses servers that are physically separated from other commercial customers and as such can be used to share sensitive but unclassified government data,” reported TechCrunch, which first heard about the leak after security researcher Anurag Sen found the sensitive data online. 

However, a misconfiguration of the server allowed anyone with the IP address to access the parts of an internal mailbox system without a password until the server was secured on Monday.