Summary

A vulnerability in the new OPM email server allowed anyone to send mass messages to federal employees, exposing poor cybersecurity.

Over 13,000 NOAA staff received spam and vulgar messages, including crude jokes about Trump and bizarre newsletters, causing widespread outrage.

The breach resulted from an overhaul led by Elon Musk that installed underqualified personnel and an insecure in-house system, sparking a class-action lawsuit for cybersecurity failures.

The unsecured system also inadvertently revealed ties to Project 2025 and a plan to gather government employee data as Trump’s loyalists reshape federal operations.

  • towerful@programming.dev · ↑12 · 17 hours ago

    It’s been 4 days.
    How did people get these email addresses?
    I mean, the domain is known.
    But was the system that president musk broke really holding back this torrent of abuse and garbage?
    Feels like actual email addresses were leaked.
    Unless it was a mailing list that was suddenly exposed.

    Still seems strange that an email that simply says “yo” suddenly came through as part of the spam.
    Feels like email addresses were posted somewhere, and someone jumped on for the lulz. Along with the wall of trolls and abusers jumping on.

    I mean, as soon as I link a domain to an IP, I see all sorts of “security” scans turn up. Till then, firewall is pretty quiet.
    And if I wildcard direct a domain to an IP, the root gets scanned but any subdomains don’t.
    I feel email addresses would follow a similar pattern.

    • MrEff@lemmy.world · ↑39 · 16 hours ago

      It’s worse than you think. Last week we got an email that looked like straight up phishing spam demanding that we were to email back “yes” confirming that we got the email. So many people even reported it as spam that we had supervisors have to directly tell us that it was legit. Then they sent out a second email with a warning that it was in fact legit and to respond to that email with “yes” if we got that one.

      On the back end at OPM: Musk forced his way in and demanded to redo the email servers. The IT told him it wasn’t possible for what he was asking. So he brought in his own goons to install a non government server with unknown software and unknown security configurations and they plugged it into the OPM network to spoof it as an official OPM server, then sent out those emails.

      And sure enough, the idiot didn’t configure the security correctly or let official government IT people touch it, it ended up backdooring into the entire government HR system, and it had every active government email that responded “yes” to his stupid email that we were required to. And now we know it was compromised. There is no telling what foreign governments now have all of that info as well as what other backdoors they have installed.

      • towerful@programming.dev · ↑24 · 15 hours ago

        Holy shit.
        That’s some shit that contravenes every security briefing, every security best practice.
        Then they go and spoof a legit government installation with their own bullshit?!
        Fucking Hillary and her email servers. But like times 10. Legitimately compromising the US government communications.
        Why is this lawsuits, why isn’t this treason?!

        • JasonDJ@lemmy.zip · ↑21 · 13 hours ago

          This is way worse than Hillary’s email servers.

          Hillary occasionally conducted government business on an email server owned by her, but also on her (not .gov) domain.

          I never knew the details. But I wouldn’t doubt that for simplicity’s sake they probably had multiple accounts configured on the same phone. At that point, it’s incredibly easy to accidentally respond or start a chain from the wrong address. Who among us hasn’t done that, we actually grew up with this stuff.

          What Musk did was set up his own separate infrastructure to send and receive emails, on a .gov domain, and use that server, as a private contractor to the president, to circumvent tons of critical processes and security practices, in order to push his client’s agenda.

          The point of that agenda is to nip checks-and-balances in the balls so the president can unilaterally enact “his” (or the highest bidder’s…Heritage, Musk, Thiel, Federalists, Illuminati, Skull and Bones, whatever, at this point it’s all the same) agenda.

          It. Is. Actual. Treason.

          By an illegal immigrant, no less.

        • dhork@lemmy.world · ↑13 · 15 hours ago

          why isn’t this treason?!

          Because Musk bought the election for Trump, and now Musk does whatever he wants.