Dismissed hacker calls US Govt buddy to nix exposed database
A Pentagon subcontractor has exposed the names, locations, Social Security Numbers, and salaries of Military Special Operations Command (SOCOM) healthcare professionals.
The 11Gb cleartext and openly accessible database also included names and locations of at least two Special Forces analysts with Top Secret government clearance.
It exposed pay scales, living quarters, and residences of psychologists and other SOCOM healthcare workers.
MacKeeper researcher Chris Vickery found the breach and reported it to Potomac Healthcare Solutions.
He says the company has fixed the exposure, but did not initially appear to take his disclosure seriously.
“It is not presently known why an unprotected remote synchronization (rsync) service was active at an IP address tied to Potomac,” Vickery says.
“I do know that when I called one of the company’s CEOs to report the exposure, he did not seem to take me seriously.
“It shouldn’t take over an hour to contact your IT guy and kill an rsync daemon.”
The files were taken down 30 minutes after Vickery called a contact at a US Government department to inform them of the exposure at Potomac Healthcare Solutions.
“It’s not hard to imagine a Hollywood plotline in which a situation like this results in someone being kidnapped or blackmailed for information,” he says.
“Let’s hope that I was the only outsider to come across this gem.”
The breach also included financial and accounting information on Potomac Healthcare Solutions. ®