Sensitive DoD emails exposed by unsecured Azure server
2023-02-23 19:30

A hole in a Department of Defense email server operated by Microsoft left more than a terabyte of sensitive data exposed less than a month after Office 365 was awarded a higher level of US government security accreditation.

According to security researcher Anurag Sen, who discovered the issue and shared it, the openly accessible server was part of an internal mailbox system hosted on Azure Government Cloud and used by the DoD for a variety of purposes - including the processing of security clearance paperwork.

Documents Sen shared with The Register, said to be from the exposed server, include a rich amount of data that would certainly be valuable to a foreign adversary.

Per Bloomberg, which said it spoke to individuals at the DoD and Microsoft, both the Pentagon's Cyber Command and Microsoft are investigating the incident.

The Pentagon and Microsoft have reportedly blamed each other for the error, but without receiving answers to our questions from either party there's only so much that can be determined, namely that an internal DoD email server appears to have been given a public IP without any sort of password protection.

With the DoD and Microsoft now apparently trying to blame each other for an egregious security failure, the window is open for those other three to swoop in and further disrupt the Redmond/DC relationship.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/02/23/azure_dod_emails_exposed/