US Military Investigating Reported Email Leak From Pentagon Server

Pentagon

The server from the Pentagon was exposed allowing anyone on the internet to access the mailbox data using only a web browser and its IP address. The US Department of Defence has secured an exposed server that had been leaking internal us military emails online for the past two weeks. Due to a configuration error, the server was left without a password, allowing anyone on the internet to access the mailbox data using only a web browser and its IP address. 

This was until the Pentagon server was secured the next week. The exposed server, first discovered on February 8 by independent cybersecurity researcher Anurag Sen and the reporter ‘was hosted on Microsoft’s Azure government cloud for Department Of Defense customers, which uses serves that are physically separated from other commercial customers and as such can be used to share sensitive but unclassified government data ’

Pentagon’s Exposed Server

The exposed server was part of an internal mailbox system that had about 3 TB of internal military emails many of which were related to the US Special Operations Command (USSOCOM), the military unit assigned to execute special military operations. 

Sen’s data samples dated back a few years included details regarding US military contracts as well as requests from Department of Defence employees to finish their paperwork. USSOCOM spokesperson Ken McGraw said in an email on Tuesday that an investigation, which began Monday, is underway. “We can confirm at this point is no one hacked US Special Operations Command’s information systems”, said McGraw.

This Pentagon incident demonstrates how even large, well-resourced enterprises can unintentionally expose potentially sensitive internal data due to improper server configuration. The fact is a Department of Defense email server might raise concerns among U.S. officials but it is not uncommon for a huge business to accidentally expose internal data to the internet.