A hole in a US military email server operated by Microsoft left more than a terabyte of sensitive data exposed to the internet less than a month after Office 365 was awarded a higher level of government security accreditation.

According to security researcher Anurag Sen, who discovered the blunder and reported it, the openly accessible server was part of an internal mailbox system hosted on Azure Government Cloud and used by the Department of Defense for a variety of purposes – including the processing of security clearance paperwork.