Over 150 US Government Database Servers Exposed to the Internet – New Report

Over 150 government database servers normally hidden behind layers of security are now directly exposed to the Internet, leaving Americans’ data vulnerable to cyberattacks. 

A groundbreaking open-source investigation has revealed what experts describe as “one of history’s largest exposures of vulnerability to cyber attacks” affecting federal data systems.

The investigation, utilizing the public scanning platform Shodan.io, documented over 2,000 observations of exposed government database servers in early 2025. 


More concerning, these servers actively responded to connection attempts 655 times, indicating serious security gaps in systems designed to protect Americans’ most sensitive information.

The database vulnerabilities have been analyzed across Azure Government Cloud, a platform used by at least 15 major federal agencies, including the Departments of Agriculture, Education, Energy, Health and Human Services, and Veterans Affairs.

Over 150 database servers are exposed to the Internet 

Multiple Critical Technical Issues

Cyber-intelligence reports revealed multiple critical technical failures that would shock cybersecurity professionals:

  • Database ports (1433 for SQL Server, 3306 for MySQL, 5432 for PostgreSQL) directly exposed to the internet for months
  • Server administrators deliberately weakened default security settings that normally protect these systems
  • Weak username/password authentication methods chosen over more secure Azure authentication options
  • Over 200 instances of data replication (port 5022) running continuously since March 7, creating additional attack vectors
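
A defender-side check for the exposed-port item in the list above, as an added example that is not part of the report: it audits Azure network security group (NSG) rules for database ports reachable from the whole Internet, honouring rule priority. The field names follow the NSG security-rule JSON returned by `az network nsg rule list`; the sample rules and the `_rule` helper are constructed for illustration.

```python
DB_PORTS = {1433: "SQL Server", 3306: "MySQL", 5432: "PostgreSQL", 5022: "replication"}
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}  # prefixes that mean "anyone"

def _values(rule, single, plural):
    """Azure stores one value or a list; return whichever is set as a list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers(spec, port):
    """True if an NSG port spec ('*', '1433' or '3000-6000') includes port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def exposed_db_ports(rules):
    """Return {port: name of the allow rule} for DB ports open to the Internet.
    Rules are checked lowest priority number first, as Azure evaluates them.
    Assumption: only rules whose source is the whole Internet are considered,
    since a deny for a narrower source does not close the port to everyone.
    """
    inbound = sorted(
        (r for r in rules
         if r["direction"].lower() == "inbound"
         and r["protocol"].lower() in ("tcp", "*")
         and any(s.lower() in ANY_SOURCE
                 for s in _values(r, "sourceAddressPrefix", "sourceAddressPrefixes"))),
        key=lambda r: r["priority"])
    findings = {}
    for port in DB_PORTS:
        for r in inbound:
            specs = _values(r, "destinationPortRange", "destinationPortRanges")
            if any(_covers(s, port) for s in specs):
                if r["access"].lower() == "allow":
                    findings[port] = r["name"]
                break  # the first matching rule decides
    return findings

def _rule(name, prio, src, ports, access):  # builds one constructed sample rule
    return {"name": name, "priority": prio, "direction": "Inbound", "protocol": "Tcp",
            "sourceAddressPrefix": src, "destinationPortRanges": ports, "access": access}
SAMPLE = [  # constructed rules, not taken from the report
    _rule("allow-pg-internal", 100, "10.0.0.0/8", ["5432"], "Allow"),
    _rule("deny-mysql", 150, "Internet", ["3306"], "Deny"),
    _rule("allow-sql", 200, "*", ["1433"], "Allow"),
    _rule("allow-wide", 300, "0.0.0.0/0", ["3000-6000"], "Allow"),
]
```

On the sample, the wide `3000-6000` allow rule is what opens PostgreSQL and the replication port, while MySQL stays closed only because a lower-numbered deny rule matches first.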

Perhaps most concerning, 57 newly created or previously internal endpoints have been responding to connection attempts for 48 consecutive days, creating persistent vulnerabilities.

The investigation also uncovered a potential Department of Defense supply chain compromise through Kruko.io, a Polish software company with DoD connections. 

Their infrastructure has been compromised and included in a global botnet with nodes in China, Russia, and Iran.

“This isn’t about politics. This is about protecting every American’s privacy and security in an increasingly digital world,” the report emphasizes.

Personal Data at Risk

The exposed databases potentially contain Americans’ most sensitive information:

  • Social Security numbers and complete identity information
  • Tax records and bank account details
  • Medical histories and health information
  • Veteran disability ratings
  • Whistleblower identities and domestic violence survivor information

These exposures coincide with DOGE’s campaign to centralize sensitive data from across the government, raising serious questions about data protection protocols.

The current level of database exposure significantly exceeds historical baselines. PostgreSQL servers responding to external connections have increased fourfold over previous maximums, while open MySQL ports have jumped from a previous maximum of 3 to 43 per month, a fourteen-fold increase.

“This situation presents a critical risk,” notes the report, explaining that replication channels typically use highly privileged database accounts that could allow attackers to “intercept sensitive data, potentially inject malicious data, and gain administrative-level access to connected systems.”

Security experts warn that foreign intelligence agencies likely already know about these vulnerabilities, given they were discovered using publicly available scanning tools.


Guru Baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.