A recent security breach has exposed over a decade’s worth of internal emails from U.S. Internet Corp., a Minnesota-based Internet provider. The breach also compromised client emails from their Securence business unit, a division specializing in providing secure email services to various organizations.
Cybersecurity firm Hold Security discovered a public link to a U.S. Internet email server that contained over 6,500 domain names, each with its own clickable link leading to individual inboxes. This exposed emails from numerous clients, including state and local governments such as nc.gov, stillwatermn.gov, and cityoffrederickmd.gov.
In addition to client emails, the breach included internal emails for U.S. Internet and its subsidiary USI Wireless. U.S. Internet responded quickly to notifications of the security lapse and took down the exposed inboxes.
The company’s CEO, Travis Carter, attributed the issue to an incorrect configuration in its IMAP servers controlled by an Ansible playbook. However, U.S. Internet has not disclosed how long the emails were exposed. Additionally, cybercriminals were found to be exploiting a Securence link-scrubbing and anti-spam service to redirect visitors to hacked and malicious websites.
U.S. Internet has not provided details on the duration of the exposure or when the configuration changes occurred. The company has also not publicly disclosed the incident. This breach raises concerns about the company’s email management and security practices.
KrebsOnSecurity, a cybersecurity news site, has highlighted the seriousness of the incident and called for increased transparency and security measures from U.S. Internet.
