Friday, February 16, 2024

U.S. Internet Leaked Years of E-mails

Brian Krebs:

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser.


Hold Security founder Alex Holden said his researchers had unearthed a public link to a U.S. Internet email server listing more than 6,500 domain names, each with its own clickable link.

Drilling down into those individual domain links revealed inboxes for each employee or user of these exposed host names. Some of the emails dated back to 2008; others were as recent as the present day.

I’ve never seen anything like this.


3 Comments RSS · Twitter · Mastodon

Hmm, USI is my ISP 😱 A pretty decent fiber provider in Minneapolis.

But... HOW???

@Plume I can imagine a quite typical scenario: A web developer wanted a log, either for debugging, or for data restoration in case the code did something wrong and lost / destroyed data. So everything gets appended into a log file. The mistake would be to write this log file to an unprotected directory that's hosted by the web server.

Leave a Comment