The Pentagon allowed an exposed server to spill internal U.S. military emails to the open Internet for two weeks before securing it, according to a recent report.
According to a report by TechCrunch, the exposed server was hosted on Microsoft’s Azure government cloud for Department of Defense customers, which is used to share sensitive but unclassified government data.
The exposed server was part of an internal mailbox system that stored about “three terabytes of internal military emails, many pertaining to U.S. Special Operations Command,” according to the report.
A “misconfiguration like due to human error” left the server without a password, allowing “anyone on the internet” to access the sensitive mailbox data using only a web browser.
A security researcher named Anurag Sen found the sensitive data last weekend and provided details to TechCrunch, who alerted the government.
However, TechCrunch also reported on the breach, saying the server was “packed with internal military email messages, dating back years, some of which contained sensitive personnel information.”
One of the exposed files included a completed SF-86 questionnaire, which are filled out by federal employees seeking a security clearance and contain highly sensitive personal and health information for vetting individuals before they are cleared to handle classified information. These personnel questionnaires contain a significant amount of background information on security clearance holders valuable to foreign adversaries.
The episode is reminiscent to when millions of U.S. government personnel’s background check files for security clearances somehow made its way to Chinese hackers in 2015 in an apparent data breach.
The data first spilled online on February 8, according to the report. TechCrunch said it reported the exposed server to U.S. Socom on Sunday morning, but the server was not secured until Monday afternoon, after which it was inaccessible.
U.S. Socom spokesperson Ken McGraw told TechCrunch Tuesday that an investigation, which began Monday, is underway.
“[What] we can confirm at this point is no one hacked U.S. Special Operations Command’s information systems,” he said.
However, TechCrunch reported, it is not known if anyone other than Sen found the exposed data. The outlet asked if the DOD was able to know if any data was improperly accessed, but did not get an answer to that specific question.
Follow Breitbart News’s Kristina Wong on Twitter, Truth Social, or on Facebook.