An unsecured server that allowed for US military emails to be spilled across the web for weeks was repaired on Monday.
The exposed server was hosted on Microsoft’s Azure government cloud, reports TechCrunch, “which uses servers that are physically separated from other commercial customers and as such can be used to share sensitive but unclassified government data.”
The server contained roughly three terabytes of military emails which may have pertained to US Special Operations Command. The site reports that a misconfiguration left the server “without a password,” which allowed the emails to be easily accessible by anyone with internet access with just a web browser, so long as the IP address was known.
One security researcher, Anurag Sen, found the server last weekend and gave the details to TechCrunch, which then alerted the US government.
The server contained sensitive military information and email messages which dated back “years.” One email included a filled-out questionnaire that federal employees use to seek security clearances. Those forms contain sensitive individual information before they are cleared to handle classified information.
The questionnaires hold a “significant amount of background information on security clearance holders valuable to foreign adversaries,” TechCrunch reports.