Unprecedented Exposure of Federal Databases Poses Critical Risk to Every American and National Security

This open-source investigation reveals a massive, completely unprecedented escalation in government database servers—normally hidden behind layers of security—now directly exposed to the Internet. The security of many of these database endpoints is far more lax than even what a small start-up would use. This leaves the door wide open for cybercriminals and spy agencies to steal our most personal information with profound implications for our national security and economy.

1. Over 2,000 observations of over 150 exposed government database servers in early 2025
2. 655 times when government database servers actively responded to connection attempts
3. 200+ cases involving data replication (port 5022) running from March 7 - 14
4. 54 newly-created or previously-internal endpoints responding to connection attempts
5. Potential Department of Defense supply chain compromise via a Polish software company

The scale of federal data exposure would be alarming any day, but the timing makes it even more suspect. These new vulnerabilities coincide with DOGE’s sweeping campaign to centralize sensitive data¹ from across the entire government, raising serious questions about how carefully—if at all—Americans’ most personal information is being protected.

¹ 1
Kelly M. Elon Musk Ally Tells Staff “AI-First” Is the Future of Key Government Agency [Internet]. WIRED. 2025 [cited 2025 Mar 17]. Available from: https://www.wired.com/story/elon-musk-lieutenant-gsa-ai-agency/

While my analysis uncovers an alarming and highly significant number of federal data systems exposed to cyberattacks, it’s tough to say exactly what’s inside without hacking it myself. But if we think about the data that DOGE has gained access to, the picture gets scary:

• Your complete identity information (SSN, DOB, address history)
• Tax and financial records, bank account numbers
• Enrollment in specific government programs, benefits received
• Medical and health information, veteran disability ratings
• Identities of whistleblowers and domestic violence survivor
• Employment history
• Family member information

This investigation relies entirely on open-source information from Shodan.io, essentially the Google of Internet-connected devices. Shodan continuously and actively scans the Internet, revealing insights into vulnerabilities and configurations of all sorts of devices. It’s used by security researchers and hackers alike–meaning anything that I’ve discovered through analysis, you can bet Russia and China know about it too.

This list is to give you an idea of who Azure Gov Cloud’s customers are, and the type of data stored in general. I can’t tell you exactly what agency the databases we’ll talk about belong to, but the fact that Azure Gov Cloud is hosting it means they are either a federal agency or contractor. It’s also noteworthy that almost every single agency or department on this list has had its data systems accessed by Musk’s DOGE.