U.S. Internet Leaked Years of Internal, Customer Emails

Blog image that says U.S. Internet Leaked Years of Internal Customer Emails

U.S. Internet Corp., based in Minnesota, operates a business unit named Securence, which specializes in offering secure, filtered email services to businesses, educational institutions, and government agencies globally. However, an alarming oversight was recently discovered: until last week, the U.S. Internet was inadvertently making more than a decade’s worth of its internal emails, as well as those of thousands of Securence clients, accessible in plain text on the Internet, just a click away for anyone with a web browser.

Headquartered in Minnetonka, Minnesota, U.S. Internet is a regional Internet Service Provider (ISP) that provides fiber and wireless internet services. Its Securence division is renowned as “a leading provider of email filtering and management software, offering email protection and security services for small businesses, enterprises, educational institutions, and government agencies worldwide.”

Hold Security founder Alex Holden discovered over 6,500 domain names with clickable links on a U.S. Internet server accessed through a publicly available link. These links were redirected to employee or hostname user inboxes dating back to 2008. The exposed information also included internal emails from U.S. Internet and USI Wireless employees. Additionally, threat actors exploited Securence’s Url-Shield link scrubbing and anti-spam services to establish links redirecting to compromised websites, as noted by Holden.

U.S. Internet CEO Travis Carter confirmed that the misconfiguration, set by a former employee, has been resolved. “The rest of the platform and other backend services are being audited to verify the Ansible playbooks are correct,” Carter stated.

Security is paramount to any business, regardless of its size or industry. Cybersecurity incidents can lead to financial losses, reputational damage, and legal consequences. A virtual Chief Information Security Officer (vCISO) can play a crucial role in ensuring that your organization is prepared to handle these threats. A vCISO provides expertise in cybersecurity strategy, risk management, and incident response, without the cost of hiring a full-time CISO. By partnering with a vCISO, businesses can proactively protect their assets and mitigate the risks associated with cyber threats. Protect your business today by consulting with RedGlow Cyber, your trusted cybersecurity partner.

If you would like an initial security assessment to ensure the security of your environment, contact us. Our team of experts is ready to assist you in protecting your business and ensuring a secure future. Don’t compromise on security—trust RedGlow Cyber for all your cybersecurity needs