The US Department of Defense on Monday shut down an exposed server that had been leaking critical military emails online for the past two weeks.
The exposed server was hosted on a Microsoft Azure cloud service for DOD clients, which uses servers that are physically separated from those of other commercial clients, meaning it can be used for sensitive but unclassified government data.
The exposed server was part of an internal mailbox system that stored about 3 terabytes of internal military emails, many of which were related to the US Special Operations Command, the US military unit tasked with carrying out military operations.
But a misconfiguration left the server without a password, so anyone on the internet who knew its IP address could access the sensitive mailbox data with nothing more than a web browser.
Anurag Sen, a security researcher known for discovering sensitive data exposed online, found the server over the weekend, provided details to TechCrunch and asked it to notify the US government.
The server was filled with years of internal military emails, some of which contained confidential personal information.
One of the exposed documents was an extensive questionnaire of the kind filled out by federal employees undergoing a background check, containing the highly sensitive personal and health information often needed to vet people seeking clearance to handle classified information. These questionnaires contain an abundance of important information about security clearance holders that can be very valuable to foreign adversaries.
In 2015, alleged Chinese hackers stole millions of sensitive background check documents of government employees seeking security clearances, in a data breach at the US Office of Personnel Management.
TechCrunch said none of the data it saw was classified, which is consistent with the server belonging to the US Special Operations Command's civilian network, since classified networks are not accessible over the public internet.
According to a listing on Shodan, a search engine that crawls the web for exposed systems and databases, the leaking mail server was first detected on February 8.
TechCrunch said it contacted the US Special Operations Command on Sunday morning, but that the server was only secured on Monday afternoon. Contacted via email, a senior civilian Pentagon employee confirmed that they had sent details of the exposed server to the US Special Operations Command. After that, the server could no longer be reached.
Ken McGraw, a spokesman for the United States Special Operations Command, said Tuesday in an email that the investigation that began yesterday is continuing. "We can now confirm that SOCOM's information systems were not compromised," he added.