Data Security, Email security, Privacy

Over a decade’s worth of US Internet emails leaked

Major Minnesota-based regional internet service provider U.S. Internet had internal emails and emails from thousands of individuals served by its Securence division spanning over a decade exposed due to an unsecured server, according to Krebs on Security. More than 6,500 domain names with clickable links were discovered by Hold Security founder Alex Holden within a U.S. Internet server that had been accessed through a publicly available link, with the domain links found to redirect to employee or hostname user inboxes dating as far back as 2008. Also included in the exposed information were internal emails of U.S. Internet and USI Wireless employees. Securence also had its Url-Shield link scrubbing and anti-spam service exploited by threat actors to establish links that redirect to compromised websites, noted Holden. Meanwhile, U.S. Internet CEO Travis Carter noted that the misconfiguration, which had been set by a former employee, has already been resolved. "The rest of the platform and other backend services are being audited to verify the Ansible playbooks are correct," Carter said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.