We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Unprotected DoD Server Leaks US Military Emails

Unprotected DoD Server Leaks US Military Emails
Zane Kennedy Published on 28th February 2023 Cybersecurity Researcher

On Monday, the US Department of Defense (DoD) took action to secure an unprotected server that had been leaking confidential U.S. military emails onto the open internet for the past two weeks.

The unprotected server hosted on Microsoft's Azure specialized government cloud was part of a mailbox system storing about 3 TB of internal military emails, many relating to US Special Operations Command (USSOCOM). A misconfiguration left the server without a password, allowing anyone access to the sensitive mailbox data inside just by knowing the IP address.

The mailbox server was packed with internal military emails, some containing sensitive personnel information. For example, it included completed SF-86 questionnaires filled out by federal employees seeking security clearance. These personnel questionnaires contain a significant amount of background information on security clearance holders — which could be valuable data to foreign adversaries of the US. However, none of the leaked data appeared to be classified.

The data leak was first reported by TechCrunch, which was discovered over the weekend by independent cybersecurity researcher Anurag Sen.

According to a listing on Shodan, a search engine that crawls the web for exposed systems and databases, the unprotected mailbox server was first detected leaking data on February 8th. TechCrunch initially contacted the US government on February 19th, and the server wasn't secured until the afternoon of February 20th.

The publication also asked if the DoD has the technical capabilities, such as the availability of logs, to identify indications of unauthorized access or data exfiltration from the mailbox system, but they did not receive a response. It is still unclear at this point how the mailbox data became exposed to the open internet, though it is suspected to be human error.

USSOCOM spokesperson Ken McGraw told CNN that the command "initiated an investigation into information we were provided about a potential issue with the command's Cloud service." McGraw added, "The only other information we can confirm at this point is no one has hacked US Special Operations Command's information systems."

About the Author

Zane is a Cybersecurity Researcher and Writer at vpnMentor. His extensive experience in the tech and cybersecurity industries provides readers with accurate and trustworthy news stories and articles. He aims to help individuals protect themselves through informative content and awareness of cybersecurity's crucial role in today's digital landscape.