Search This Blog

Powered by Blogger.

Blog Archive

Labels

 Crucial US military Emails was Publicly Available

SF-86 questionnaire, filled out by government employees seeking a security clearance was leaked.
A US Department of Defense exposed a server that was leaking private internal military emails online Security researcher Anurag Sen discovered the unprotected server, which was "hosted on Microsoft's Azure federal cloud for Department of Defense customers," according to a TechCrunch report.

The vulnerable server was housed on Microsoft's Azure federal cloud, which is available to Department of Defense clients. Azure uses servers that are physically isolated from other commercial customers so they can be utilized to share private but sensitive government information. The exposed server was a component of an internal mailbox system that included around three terabytes of internal military emails, a lot of them regarding the USSOCOM, the US military organization responsible for carrying out special military operations.

Nevertheless, due to a misconfiguration, the server was left without a password, making it possible for anyone with access to the internet to access the server's IP address and view the server's important mailbox data.

The server was filled with old internal military emails, a few of which contained private information about soldiers. A completed SF-86 questionnaire, which is filled out by government employees seeking a security clearance and contains extremely sensitive personal and health information for screening people prior to being cleared to handle classified information, was included in one of the disclosed files.

As classified networks are unreachable from the internet, TechCrunch's scant data did not appear to be any of it, which would be consistent with USSOCOM's civilian network. In addition to details regarding the applicant's employment history and prior living arrangements, the 136-page SF-86 form frequently includes details about family members, contacts abroad, and psychiatric data.

A government cloud email server which was accessible through the web without a password was made public and the US government was notified about it. Using just a web browser, anyone could access the private email data there.






Share it:

Data Breach

Email Fraud

IP Address

Microsoft Azure

Server

TechCrunch

Unauthorized access

US Government

User Privacy