A server containing about three terabytes of internal U.S. military emails, including many related to special operations, was accessible on the open internet without a password over the past two weeks.
A security researcher named Anurag Sen discovered the exposed server and disclosed it to the blog TechCrunch, which alerted the U.S. government, according to the outlet. TechCrunch notified U.S. Special Operations Command on Sunday morning, but the server was reportedly not secured until Monday afternoon.
An investigation into how the server was left unsecured was launched on Monday, USSOCOM spokesperson Ken McGraw told TechCrunch. McGraw said he could confirm that “no one hacked U.S. Special Operations Command’s information systems.”
The mailbox server was hosted on a Microsoft Azure government cloud and was reportedly used to share sensitive, but unclassified, information. For about two weeks, it was configured so that anyone could access it simply by typing its IP address into a web browser.
The email messages dated back years and included sensitive personnel information, but TechCrunch reported that none appeared classified. One exposed file was a questionnaire, filled out by a federal employee seeking a security clearance, that revealed highly sensitive personal and health information.
Millions of those 127-page questionnaires, called SF-86 forms, were stolen from the Office of Personnel Management by suspected Chinese hackers in 2015.
The unsecured military server was reportedly first detected on Feb. 8 by Shodan, a search engine that can discover exposed servers.
It is unknown whether anyone other than Sen accessed the data while it was accessible. A Department of Defense spokesperson did not say whether the agency has the ability to determine that, TechCrunch reported.
Sen previously uncovered an unsecured server spilling billions of records on individuals’ web usage onto the open internet, as reported by TechCrunch.
This was a breaking news story. The details were periodically updated as more information became available.