U.S. Internet Corp. exposes thousands of emails they were supposed to protect

U.S. Internet Corp, a Minnesota-based Internet service provider known for its Securence division that offers secure email filtering services globally, inadvertently exposed over a decade's worth of internal and client emails.

The leak included thousands of Securence clients, making sensitive data accessible to anyone with an internet connection. The breach, highlighted by cybersecurity expert Brian Krebs and discovered by Hold Security, revealed over 6,500 domain names linked to individual inboxes, affecting customers across a wide spectrum, including state and local governments.

Hold Security found a public link to U.S. Internet's email server, exposing emails dating from 2008 to the present. Among the exposed were internal communications of U.S. Internet and USI Wireless employees, including those of U.S. Internet's CEO, Travis Carter.

The breach was attributed to a misconfiguration in the Ansible playbook controlling the Nginx configuration for IMAP servers, a mistake traced back to a former employee's error that went unnoticed for an extended period.

U.S. Internet's CEO, Travis Carter, acknowledged the incident, emphasizing the company's immediate response to remove the exposed content from public access and initiate an investigation into the breach. Despite the significant lapse, Carter highlighted that the exposure was swiftly addressed, minimizing potential damage. He also noted the lack of evidence indicating data theft, with unauthorized access limited to fewer than 10 customers and fewer than 300 individual emails. The company is conducting a comprehensive audit of its platform and backend services to prevent future incidents.