A cybersecurity analyst discovered more than 60,000 sensitive Defense Department files on a publicly accessible Amazon Web Services server after contractor Booz Allen Hamilton appears to have left them there unsecured.
Chris Vickery, an analyst at the cybersecurity firm UpGuard who first found the files, told sister publication CyberScoop it’s “highly likely” that malicious actors are downloading this publicly exposed data but said it remains unclear if anyone realized and acted on the gravity of the exposed data. A large part of Booz Allen Hamilton’s business is contracting with intelligence agencies.
The data leakage was first reported by Gizmodo on Wednesday.
Although none of the files were classified, they included passwords to sensitive government systems, credentials belonging to a senior engineer at Booz Allen Hamilton, vulnerability reports on government source code and government contractors with Top Secret clearances. The exposed files are linked to the National Geospatial-Intelligence Agency (NGA), the Department of Defense agency that collects and analyzes data gathered by satellites and drones for the U.S. military and intelligence community.
Read more about the unsecured files on CyberScoop.