A US government email server was found without any password security


A US government email server was discovered online without a proper password (opens in new tab) to protect its content, essentially leaking sensitive information to anyone who knew where to look. Whether or not anyone really knew where to look – remains to be seen.
The exposed email server was hosted on Microsoft’s Azure government cloud for Department of Defense, allowing it to share sensitive, but still unclassified data.
This service offers servers that are physically disconnected from commercial customers, and was part of an internal mailbox system that held some 3TB of internal military emails, some of which referred to U.S. Special Operations Command (USSOCOM), a military unit running special operations.
Terabytes of data
However it seems that the servier wasn’t protected with a password, so simply knowing the IP address would be enough to access it, and all of the data it hosted.
This hosted data reportedly included sensitive information such as internal military email messages, personal information and health information on certain government employees, and more.
The breach was spotted by security researcher Anurag Sen, who tipped off TechCrunch to the news so that it could alert the US government.
TechCrunch said it had seen some of the data hosted on the server and believes them to be unclassified, “which would be consistent with USSOCOM’s civilian network,” it argues.
The server was first listed as exposed on February 8, but there’s no explanation yet why it happened.
TechCrunch reached out to USSOCOM shortly after, with the server locked down the following day.
Responding to an email inquiry, USSOCOM spokesperson Ken McGraw said that the incident was not the result of a hack: “We can confirm at this point is no one hacked U.S. Special Operations Command’s information systems,” said McGraw.
Via: TechCrunch (opens in new tab)
Audio player loading… A US government email server was discovered online without a proper password (opens in new tab) to protect its content, essentially leaking sensitive information to anyone who knew where to look. Whether or not anyone really knew where to look – remains to be seen. The exposed…
Recent Posts
- 3 features that would actually make me pay for a Samsung Health subscription for my Galaxy Watch – and one big problem it needs to avoid
- TikTok’s ‘ban’ problem could end soon with a new app and a sale
- 16-Core AMD EPYC 4005 CPU is almost 3X faster than AMD’s first server flagship – and I can’t believe what a bargain that is
- Samsung’s very special rugged tablet comes with eight – yes, eight – years of Android updates and hot-swappable batteries
- The latest Samsung Galaxy Z Flip 7 leak is the first hands-on video of the flip foldable
Archives
- July 2025
- June 2025
- May 2025
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022