Skip to main content

A server hosted on Microsoft’s Azure government cloud for the US Department of Defense was accessible by anyone on the internet using only a web browser.  More than 3TB of internal military emails, many about U.S. Special Operations Command, were accessible.

The U.S. Department of Defense managed to secure this exposed server earlier this week. However – this unsecured server was open to the Internet for more than two weeks, exposing internal U.S. military emails to the open internet, according to an article in TechCrunch.

Swivel Secure works with a number of Defence Departments in various European countries, where our main area of responsibility is to secure sensitive information using the patented technology underpinning our AuthControl Sentry® Authentication Platform. In many cases, we provide authentication for air-gapped hardware without internet access. In other cases, we secure infrastructure which needs to be accessible via the Internet.
Contact us here – https://swivelsecure.com/contact-us/ – to find out more. All queries are handled in the strictest confidence.

According to TechCrunch, Microsoft’s Azure government cloud for Department of Defense customers deploys servers physically separated from other commercial customers, sharing sensitive but unclassified government data.

It seems that a misconfiguration left the server without a password, allowing anyone on the internet access to the sensitive mailbox data using only a web browser.

According to TechCrunch, the server was packed with internal military email messages dating back years, some containing sensitive personnel information. One of the exposed files included a completed SF-86 questionnaire, which is filled out by federal employees seeking a security clearance and contains highly sensitive personal and health information for vetting individuals before they are cleared to handle classified inform.