Your big government at work!
Massive secret data from the Oklahoma Department of Securities was configured for public access in what experts call an astonishing breach of government records.
Forbes reported that this past December, 3 TERABYTES of unprotected data was found by Greg Pollock, a researcher with cybersecurity firm UpGuard. He closed the breach, but not before it was accessible to anyone with an Internet connection for who knows how long.
Millions of files, many on sensitive FBI investigations, were left on a server without a password that anyone on the Internet could access.
“It represents a compromise of the entire integrity of the Oklahoma Department of Securities’ network,” said Chris Vickery, head of research at UpGuard, which is revealing its technical findings on Wednesday. “It affects an entire state level agency. … It’s massively noteworthy.”
The leak also included email archives stretching back 17 years, thousands of social security numbers and data from the 1980s onwards.
The Oklahoma department regulates all financial securities business happening in the state. As a result, there was leaked information on FBI cases. And the amount and variety of data were astonishing.
“All sorts of archive enforcement actions” back to 2012 were included in the leak. There were also copies of letters from subjects, witnesses and other parties involved in FBI investigations. Names of major companies were leaked as well.
The data was exposed via an unsecured rsync service at an IP address registered to the Oklahoma Office of Management and Enterprise Services, allowing any user from any IP address to download all the files stored on the server.