A major defense contractor’s unsecured database exposed sensitive United States military information, a Gizmodo investigation found.
Booz Allen Hamilton left an Amazon cloud server accessible to the open internet that contained over 60,000 files, including login credentials for one of the company’s lead senior engineers and multiple unencrypted passwords used by contractors with Top Secret Facility Clearance. The passwords could potentially be used to access secure systems containing U.S. military information.
Private and public encryption keys were also discovered on the database, according to UpGuard security analyst Chris Vickery, who found the database during a scan for unsecured Amazon cloud devices. Vickery previously uncovered database breaches that exposed the data of 1.3 million elementary school children, 87 million Mexican voter records, and 154 million U.S. voting records, among others.
The sensitive information contained on the server appears to be related to the U.S. National Geospatial-Intelligence Agency (NGA), a military intelligence arm that handles data gathered spy satellites and drones for the Pentagon.
NGA confirmed the leak to Gizmodo but said the unsecured cloud server was “not directly connected to classified networks.” NGA recently awarded Booz Allen with a $86 million contract, according to the company.
“NGA takes the potential disclosure of sensitive but unclassified information seriously and immediately revoked the affected credentials,” an NGA spokesperson told Gizmodo.
Booz Allen is perhaps best known as the company employing whistleblower Edward Snowden when he made off with thousands of classified National Security Agency (NSA) documents in 2013.
Read the full report at Gizmodo.