Typo leaks millions of US military emails to Mali web operator

“米軍(.mil)へ送ったはずのメールがタイプミスによりマリ(.ml)宛に送られていた可能性があるとFT報道。同ドメインの管理を担当していたオランダの実業家 Zuurbier氏が問題に気づき2023年1月から観測した結果これまで約11万7千件の誤送信メールを補足。大半はスパムだったが中には医療データや職員リストなど機微情報が含まれるものもあった。

Please use the sharing tools found via the share button at the top or side of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email licensing@ft.com to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found at https://www.ft.com/tour.

Millions of US military emails have been misdirected to Mali through a “typo leak” that has exposed highly sensitive information, including diplomatic documents, tax returns, passwords and the travel details of top officers.

Despite repeated warnings over a decade, a steady flow of email traffic continues to the .ML domain, the country identifier for Mali, as a result of people mistyping .MIL, the suffix to all US military email addresses.

The problem was first identified almost a decade ago by Johannes Zuurbier, a Dutch internet entrepreneur who has a contract to manage Mali’s country domain.

Zuurbier has been collecting misdirected emails since January in an effort to persuade the US to take the issue seriously. He holds close to 117,000 misdirected messages — almost 1,000 arrived on Wednesday alone. In a letter he sent to the US in early July, Zuurbier wrote: “This risk is real and could be exploited by adversaries of the US.”

Typo leaks millions of US military emails to Mali web operator
jyrosecurity (3)
Nash (4)
previous arrowprevious arrow
next arrownext arrow