Classified data on Pentagon program mistakenly leaked online

Classified data on a joint program run by the National Security Agency (NSA) and the Army was accidentally leaked online, according to new research.

Researchers at cybersecurity firm Upguard discovered the data, which was stored on an Amazon Web Services cloud storage bucket without a password, allowing anyone on the internet with knowledge of the URL to access its contents.

According to Upguard, the unsecured server contained data belonging to the U.S. Army Intelligence and Security Command, a military intelligence and information operations unit jointly run by the Army and the NSA. 

{mosads}Upguard security expert Chris Vickery notified the Pentagon of the data exposure in late September and was informed on Oct. 10 that the exposed data was secured. The owner of the storage bucket, however, remains unknown. 

The Pentagon did not immediately return a request for comment.

The bucket, researchers say, held dozens of viewable files, including a downloadable virtual hard drive used for secure communications within the federal government. When opened, the file revealed data labeled with the classification “NOFORN” — indicating that the information cannot be shared with foreign government allies.

Based on their analysis of the files, the researchers believe the data to be associated with a troubled Army intelligence platform called “Red Disk.”

Upguard periodically exposes accidental data exposures online. For instance, the firm spotted data on roughly 2 million Dow Jones customers that had been overexposed on the internet as a result of a cloud configuration error over the summer.