A cybersecurity firm has reported the discovery of 60,000 files from a US intelligence agency left on an unsecured public server with absolutely zero protection, not even a password.
The files were related to a military project being undertaken by the National Geospatial-Intelligence Agency (NGA), which uploaded the files to an Amazon cloud storage server that anyone could access.
Chris Vickery, a risk analyst with cyber resilience firm UpGuard, did just that. Among the files were sensitive information and even the security credentials of a senior employee with defense contractor Booz Allen Hamilton (BAH). There were also the login credentials needed to access code repositories that might contain classified information among the files. Vickery said that the information appeared to have been accidentally leaked by a BAH employee.