Sensitive US military info leaked - Historico da BBS TELESC.NET.BR

BBS:      TELESC.NET.BR
Assunto:  Sensitive US military info leaked
De:       Mike Powell
Data:     Thu, 7 May 2026 09:38:50 -0500
-----------------------------------------------------------
More than 70,000 US Army files were exposed for over a year even after CISA 
warning  sensitive personnel info and base schematics stored in vulnerable 
Open Directory Listing

Date:
Thu, 07 May 2026 13:05:00 +0000

The database contained sensitive US military information on bases, personnel, 
contractors, and schematics:  A leaky directory containing over
70,000 files relating to military personnel records, contractor records, and 
images taken inside military bases has been uncovered. 

Researchers from Cybernews were tipped off about the leaky directory, and 
investigated the contents. Despite the Cybersecurity and Infrastructure 
Security Agency (CISA) being informed by security researcher Arkadeep Roy in 
2024, the dataset has remained exposed and was actively leaking as of April 
2026.  Cybernews discovered the dataset was being exposed via an Open
Directory Listing Vulnerability. The directory also lacked sufficient 
security controls. The directory was found to belong to CMI Management Inc., 
a US government contractor, which is part of Dexterra Group. 

According to the CMI Management website, the company specializes in providing 
government facilities services. The website states, Over the years, CMI has 
successfully managed a wide range of government facilities, from training 
centers to mission-critical operations. 

The files were originally discovered in 2024, with CISA being notified the 
same year. On 16 March 2026, Cybernews was tipped off about the exposed 
database and launched an investigation the following day. Cybernews confirmed 
the leaky directory and reported it to CMI Management and CISA on 18 March 
2026. 

Cybernews shared a number of example images which have been heavily redacted 
to censor private information. The images include maintenance forms, emails 
between staff, and photos of internal infrastructure. Cybernews alerted CMI 
Management to the leaky directory but did not immediately receive a response. 

The leak of sensitive personnel and contractor information could put current 
and former US military personnel at risk of phishing or impersonation 
attempts, or personnel details could be used in order to gain unauthorized 
access to military installations. 

Of particular concern is the leak of internal photos of US military bases, 
and base schematics, which could be used by threat actors to create detailed 
maps of US military bases and identify weak points in both structure and 
security. 

The data leak is concerning, as sensitive US military data was stored 
insecurely for over a year, even after CISA was reportedly notified. This 
signifies that even when it comes to the military and their facilities, it is 
too common to find data being stored insecurely, and remediation efforts are 
not prioritized even after notifying the relevant authorities, the Cybernews 
research team said. 

Following the Stryker Corporation cyber attack , CISA issued an alert in 
March 2026 with guidance on how organizations should harden endpoint 
management system configurations to defend against malicious cyber activity. 

Link to news story:
https://www.techradar.com/pro/security/more-than-70-000-us-army-files-were-exp
osed-for-over-a-year-even-after-cisa-warning-sensitive-personnel-info-and-base
-schematics-stored-in-vulnerable-open-directory-listing

$$
--- MultiMail/DOS
 * Origin: Capitol City Hub (1:2320/105)

-----------------------------------------------------------
[Voltar]