Pentagon web stream keys left unsecured for years, report finds

The U.S. Defense Department could have had its social media accounts compromised through the exploitation of stream keys on its Defense Visual Information Distribution Service site, which remained accessible to the public for years before finally being secured this week, according to The Register.

Attackers could leverage the publicly exposed stream keys to conduct account takeover attacks against the Pentagon's Facebook, X, and YouTube channels, a report from The Intercept revealed. The security gap, which was discovered to have occurred since 2018, has already been addressed by the department.

"New stream keys have been implemented and will no longer be shared the old way. Any remaining cached info that would show stream keys would be old and out of date," said a Defense Department official.

Such findings come amid recent security snags at the Department, including the exposure of Defense Secretary Pete Hegseth's Signal chats and the discovery of its usage of a Microsoft program that involved Chinese engineers.