by Mary Chastain at legalinsurrection.com
“The server contained around three terabytes of military emails, with many related to the U.S. Special Operations Command, which is a military unit which conducts special operations.”
Fox News confirmed an email server left exposed for two weeks caused leakage of internal emails:
A misconfiguration with a Department of Defense server hosted on Microsoft Azure’s government cloud allowed the server to be accessed with a password, according to Tech Crunch, who reported that anyone with internet access could access mailbox data if they knew the server’s IP address and were using a web browser.
The server contained around three terabytes of military emails, with many related to the U.S. Special Operations Command, which is a military unit which conducts special operations.
According to the report, the emails inside the server appear to date years back and contain personal information…
A completed SF-86 questionnaire was one of the files left in the open. Government employees fill out the questionnaire to gain security clearance.
Thankfully, the leak did not include anything marked as classified.
Anurag Sen, a researcher who finds data accidentally leaked online, found out about the situation over the weekend. He gave the information to TechCrunch, which told the government:
The server was packed with internal military email messages, dating back years, some of which contained sensitive personnel information. One of the exposed files included a completed SF-86 questionnaire, which are filled out by federal employees seeking a security clearance and contain highly sensitive personal and health information for vetting individuals before they are cleared to handle classified information. These personnel questionnaires contain a significant amount of background information on security clearance holders valuable to foreign adversaries. In 2015, suspected Chinese hackers stole millions of sensitive background check files of government employees who sought security clearance in a data breach at the U.S. Office of Personnel Management.
None of the limited data seen by TechCrunch appeared to be classified, which would be consistent with USSOCOM’s civilian network, as classified networks are inaccessible from the internet.