Ironically, the leaking server was a bug-reporting server running the popular Jira bug triage and tracking software. In NASA's case, the software was not properly configured, allowing anyone to access the server without a password, Avinash Jain, a security researcher based in India who found the exposed server, told TechCrunch. According to Jain's write-up, some Jira instances may be misconfigured to allow "all" access without a password (including anyone on the internet) and not "all" within an organization, as some believe. This was the case for NASA's leaking server.

In October, Jain found the leaking server exposing NASA staff usernames and email addresses and the projects on which they worked. Since Jira contains information about bugs and issues within an organization, including work in progress, the server also exposed what agency staff were working on and their upcoming milestones. It is not known whether classified information, such as secrets or details of sensitive projects, was on the Jira server. Jain also said that it is unclear how many NASA staff users were in the database, as Jira limits searches to 1,000 queries at a time.

After he contacted NASA and CERT/CC, the Carnegie Mellon University vulnerability disclosure center, the exposed server was secured about three weeks later, he said. NASA never responded to the private disclosure. While NASA has a HackerOne page, a vulnerability reporting program that enables researchers to email NASA with security issues, the agency has no dedicated bug bounty program. "I dropped [NASA] five emails before it was fixed, and I was never told it was fixed," he told TechCrunch. CERT/CC later conveyed their "appreciation" to Jain for reporting the bug privately.

This latest lapse is another blow to the security posture of the U.S. space agency: it is this decade's fourth known incident, after more than a dozen hacks in 2011 alone and another sensitive data breach in 2016. The most recent breach came just before Christmas, when the agency reported a data compromise between July 2006 and October 2018 affecting current and former NASA employees. But CERT/CC told Jain in an email that "no evidence" was found to be linked to NASA's latest breach disclosure. According to an automated message on the agency's press line, NASA was unable to comment during the government shutdown.
Another NASA Security Server Lapse Exposed Project and Staff Data | Cybers Guards