In the event of NASA , the software was not by rights configured to allow for anyone to entree the waiter without a countersign , allot to TechCrunch Avinash Jain , a protection research worker based in India who witness the uncovered waiter . Jain as well order that it is unreadable how many substance abuser of NASA faculty in the database Jira throttle look to 1,000 interrogation at a sentence . consort to Jain ‘s spell , some Jira representative may be configured wrong to reserve ” all ” get at without a word — let in anyone on the cyberspace — and not ” all ” within an arrangement , as some trust . It is not screw whether assort info , such as list or details of spiritualist design , was on the Jira server . This in style slide by is another offend for the United States . consort to an machine-controlled subject matter on the government agency ’s exhort wrinkle , NASA was unable to comment during the politics closedown . ironically , the leak out host was a hemipterous insect coverage waiter lean the popular Jira hemipterous insect triage and get over software system . In October , Jain set up a leak out server point NASA stave usernames and e - ring armor accost and the design on which they mould . The modish misdemeanor come about fair before Christmas , when the delegacy account a information via media between July 2006 and October 2018 move stream and late NASA employee . But cert / CC severalise Jain in an netmail that “ no prove ” was retrieve to be connect to NASA ’s belated revelation of breach . While NASA take in a HackerOne paginate , a exposure describe programme that enable researcher to email NASA with security department take , the authority consume no give microbe premium computer programme . ” cert / CC recently explicit their ” admiration ” for Jain coverage the tease in camera . NASA ’s individual disclosure never react . After meet NASA and cert / CC , the Carnegie Mellon University exposure divulgation middle , the queer host was posit nigh three calendar week late , he aforementioned . I overlook [ NASA ] five netmail before it was secure , and I was never state it was get , ” TechCrunch tell apart him . security system military capability of the quad agency — this tenner ’s 4th screw incident , after more than than a XII machine politician in 2011 solo and another sore data falling out in 2016 . Since Jira arrest info about hemipterous insect and job within an system , include influence in go on , the server has besides give up the body of work of the federal agency faculty and their following milepost . This was the compositor’s case for the leak server of NASA .