Highly sensitive military data about a US intelligence agency project has been discovered on a publicly accessible server without password protection, according to a new report.
UpGuard said Wednesday an analyst with the security firm discovered tens of thousands of documents last week on an Amazon cloud server that are connected to the US National Geospatial-Intelligence Agency (NGA), the US military’s combat support agency. Credentials found in the exposed files suggest the data was uploaded to the cloud by defense and intelligence contractor Booz Allen Hamilton, UpGuard reported.
The files included the log-in credentials that could have provided access to more sensitive data, including code repositories, UpGuard said.
Booz Allen has a large presence at US intelligence agencies. The company has a workforce of about 22,600, and 69 percent of its workers hold security clearances with US intelligence agencies, according to company tax filings. Booz Allen generated $1.3 billion in revenue from contracts with US intelligence agencies, including the NSA, in the fiscal year ending in March 2016.
The NGA said it took immediate action to close the potential vulnerability after learning of it last week from UpGuard and through social media.