The server was hosted in the Microsoft Azure government cloud for the Department of Defense. It was used to exchange sensitive government data. It held about three terabytes of data, many of which belonged to the United States Special Operations Command, or USSOCOM, the U.S. military branch tasked with conducting special military operations.
Access to the server was carried out without a password, and this allowed anyone on the Internet to inquire about the contents of confidential documents, simply by knowing its IP address.
The server contained internal correspondence and documents, many of which contained confidential personnel information. One of the files included a completed security clearance form, SF-86, which contains highly sensitive personal and health information about military personnel. These personnel questionnaires contain a significant amount of background information about the holders of security clearances, and are of great value to intelligence agencies in many countries of the world.
According to the Pentagon, free access to documents occurred due to incorrect settings of access rights caused by a human factor.
“At this point, we can confirm that no one has hacked the US Special Operations Command information systems,” said Ken McGraw, a spokesman for the US Department of Defense.