On Monday, it was discovered that an unsecured server at the Department of Defense (DOD) had been leaking sensitive military emails online for two full weeks. The incident is being blamed on a misconfiguration that left the server without a password.
The server contained files with sensitive personnel information from the past several years, including completed SF-86 questionnaires, which contain background information for personnel with security clearance. The server is a treasure trove of sensitive information for anyone looking to do harm to the U.S.
The compromised server was hosted on Microsoft's Azure government cloud, which is exclusively for DOD customers. The Azure servers are physically separated from those for commercial customers and can be used to share sensitive information, although no classified material. The exposed server acted as part of an internal email system storing roughly 3 terabytes of internal military emails, several of which pertained to U.S. Special Operations Command (USSOCOM), which is the military unit that conducts special operations.
read more:
Replies