Amazon web server found unprotected for US military data when the files have found on a publicly accessible Amazon server by a security researcher.
More than 60,000 important files related to US military files found publicly accessible. These files were connected to a project for the US National Geospatial-Intelligence Agency (NGA). These files contained passwords for US government systems and other security credentials of a senior engineer at defense contractor Booz Allen Hamiton (BAH). This was discovered by up guard analyst Chris Vickey.
The contractor said, ” We have confirmed that more of those passwords and username could have been used to access classified information.
BAH said, ” It believed the accident was the result of an unintentional mistake.” He also added that no classified data had been stored on the server.
The company said, ” We took action to secure all those files and data from the public accessible and alert our client and began in the investigation.”
The company also claimed that their client has found no evidence that classified data was involved and so far their forensics have also resulted in the same.
Mr. Vickery told BBC, “He found some of the data of US military during a routine search for publicly accessible Amazon buckets.”
He said, ” I wasn’t surprised at finding yet another publicly exposed bucket until I realized that the data it contained was related to a government project.
He emailed BAH’s chief information security officer about the files on 24 May but he didn’t get any reply from him. Then he forwarded the mail to NGA.
On 26 May, a US government agency contacted onward to ask that if present retrieves all the data Mr. Vickey downloaded and guard them with full security.