Thanks to a tip from a Metro employee to Scoop: Nashville, thousands of Metro Nashville employee’s personal email addresses are now just a bit more private.
Scoop: Nashville reached out to Metro Nashville on Tuesday morning, to inform the city they had inadvertently allowed access to an entire database of current and former city employees email addresses. This database was available on a public-facing server, open for anyone to view, access, and download for any use. The database had also been cached by google in search results. It is not known how many people downloaded a copy of the 19,340 email addresses, or what they may have been used for. What we do know is that 1,754 of those addresses were employee’s private personal email accounts, such as gmail, yahoo, live, & alumni accounts, just to name a few.
Due to the location of the database (https://esspwmgr.mywts.com:8443/home.do), it is believed the addresses/logins were associated with ESS (Employee Self Service), which is managed by AD (Active Directory) management software, which is where the database was available from without having to authenticate or log in.
Metro Nashville ITS, nor the Mayor’s office, responded to our notice that employees private email addresses were made available to the public, however they were removed from public view within hours of the city receiving our notice of the information leak. In light of their non-response or acknowledgement to the notice, we have chosen to make public the full 17,000+ email database of metro government email addresses for convenience of anyone that should need them, as they are all a matter of public record. We have removed all employee’s personal email addresses from this published database. The database contains the complete set of employee addresses associated with the nashville.gov, jis.nashville.gov, mnps.k12.org, mnps.org, mws.nashville.gov, nashvillemcc.com, and police.nashville.gov domains.