A Pentagon subcontractor has exposed the names, locations, Social Security Numbers, and salaries of US Military Special Operations Command (SOCOM) healthcare professionals.
The cleartext and openly accessible database – said to be at least 11 gigabytes in size – also included names and locations of at least two Special Forces analysts with Top Secret government clearance.
It exposed pay scales, living quarters, and residences of psychologists and other SOCOM healthcare workers.
MacKeeper researcher Chris Vickery found the leaky data store online, reporting it to Potomac Healthcare Solutions. He says the company has fixed the vulnerable system, but did not initially appear to take his warning seriously.
"It is not presently known why an unprotected remote synchronization (rsync) service was active at an IP address tied to Potomac," Vickery says.
"I do know that when I called one of the company’s CEOs to report the exposure, he did not seem to take me seriously.
"It shouldn’t take over an hour to contact your IT guy and kill an rsync daemon."
The files were taken down 30 minutes after Vickery called a US Government department contact informing them of the exposure at Protomac Healthcare Solutions.
"It’s not hard to imagine a Hollywood plotline in which a situation like this results in someone being kidnapped or blackmailed for information," he says.
"Let’s hope that I was the only outsider to come across this gem."
The security screwup also included financial and accounting information on Protomac Healthcare Solutions. ®