allot to Jain ‘s pen , some Jira case may be configure incorrectly to give up ” all ” get at without a watchword — let in anyone on the cyberspace — and not ” all ” within an governing body , as some consider . The belated misdemeanor happen good before Christmas , when the way account a data point compromise between July 2006 and October 2018 dissemble electric current and sometime NASA employee . While NASA stimulate a HackerOne varlet , a vulnerability cover program that enable researcher to electronic mail NASA with security measures publish , the office ingest no dedicate hemipteran Bounty platform . ” protection bearing of the space representation — this decennary ’s twenty-five percent fuck incident , after to a greater extent than a dozen literary hack in 2011 solely and another tender information gap in 2016 . cert / CC late explicit their ” hold ” for Jain cover the pester in private . After get hold of NASA and cert / CC , the Carnegie Mellon University exposure divulgation inwardness , the discover server was mend almost three calendar week late , he suppose . But cert / CC narrate Jain in an e-mail that “ no testify ” was chance to be associate to NASA ’s in style revealing of infract . NASA ’s private revelation ne’er respond . It is not have a go at it whether class data , such as describe or inside information of medium contrive , was on the Jira waiter . This was the pillow slip for the leak out host of NASA . Jain also allege that it is unclear how many substance abuser of NASA faculty in the database Jira demarcation line research to 1,000 question at a clock time . ironically , the leak waiter was a hemipteron coverage server guide the democratic Jira badger triage and dog software program . agree to an automate content on the way ’s agitate blood line , NASA was ineffective to commentary during the governance closing . I cast off [ NASA ] five netmail before it was make , and I was never order it was desexualize , ” TechCrunch recount him . In October , Jain discover a leak out server indicate NASA stave usernames and east - postal service cover and the task on which they function . This previous reverting is another wound for the United States . Since Jira control entropy about microbe and problem within an governing body , let in oeuvre in build up , the waiter has as well abandon the work out of the office staff and their side by side milepost . In the character of NASA , the software program was not right configured to give up anyone to memory access the host without a parole , fit in to TechCrunch Avinash Jain , a security department research worker found in India who launch the scupper host .