The ease with which someone else's emails could be accessed is astounding.
The American company Securence, which specializes in providing email filtering and protection services, recently faced a serious problem: security experts revealed that the correspondence of the company and thousands of its customers was publicly available for more than a decade.
Securence, which represents itself as a leader in email filtering and management, has promised reliable data protection to its customers, including businesses, educational institutions and government agencies around the world. However, the reality turned out to be far from the company's statements.
The vulnerability was discovered thanks to the efforts of experts from Hold Security. Its founder, Alex Holden, discovered a public link leading to the email server of U.S. Internet, the parent company of Securence, where more than 6,500 domain names could be easily accessed. Each of these names led to individual mailboxes of employees or users.
Only a small part of the companies that trusted Securence with their security
Securence's clients included dozens of state and local governments, including the official website of North Carolina, the website of the city of Stillwater in Minnesota, and the government of the city of Frederick in Maryland. The discovery put data privacy at risk not only for these organizations, but also for all Securence customers.
Interestingly, the list of detected emails also included messages from all current and former employees of U.S. Internet, including personal correspondence of the company's CEO Travis Carter.
As it soon turned out, the problem was related to an incorrect configuration of the servers responsible for processing email, which led to unauthorized disclosure of information. This circumstance underlines the importance of proper monitoring and verification of security systems, especially when it comes to protecting personal data.
In addition to the data leak issue, it was revealed that attackers exploited the Securence service to create malicious links. These links, originally designed to protect against spam and phishing, redirected users to infected sites, increasing their security risks.
The situation with U.S. Internet and Securence has been the subject of wide discussion in the cybersecurity community. At the time of publication of this news, the company did not provide full information about when exactly the vulnerability was introduced in the mail filtering service, and what changes were made to prevent similar incidents in the future.
This case was a good reminder for all service providers in cyberspace of the importance of a comprehensive approach to security, as well as the need for constant monitoring and auditing of their systems.
The American company Securence, which specializes in providing email filtering and protection services, recently faced a serious problem: security experts revealed that the correspondence of the company and thousands of its customers was publicly available for more than a decade.
Securence, which represents itself as a leader in email filtering and management, has promised reliable data protection to its customers, including businesses, educational institutions and government agencies around the world. However, the reality turned out to be far from the company's statements.
The vulnerability was discovered thanks to the efforts of experts from Hold Security. Its founder, Alex Holden, discovered a public link leading to the email server of U.S. Internet, the parent company of Securence, where more than 6,500 domain names could be easily accessed. Each of these names led to individual mailboxes of employees or users.
Only a small part of the companies that trusted Securence with their security
Securence's clients included dozens of state and local governments, including the official website of North Carolina, the website of the city of Stillwater in Minnesota, and the government of the city of Frederick in Maryland. The discovery put data privacy at risk not only for these organizations, but also for all Securence customers.
Interestingly, the list of detected emails also included messages from all current and former employees of U.S. Internet, including personal correspondence of the company's CEO Travis Carter.
As it soon turned out, the problem was related to an incorrect configuration of the servers responsible for processing email, which led to unauthorized disclosure of information. This circumstance underlines the importance of proper monitoring and verification of security systems, especially when it comes to protecting personal data.
In addition to the data leak issue, it was revealed that attackers exploited the Securence service to create malicious links. These links, originally designed to protect against spam and phishing, redirected users to infected sites, increasing their security risks.
The situation with U.S. Internet and Securence has been the subject of wide discussion in the cybersecurity community. At the time of publication of this news, the company did not provide full information about when exactly the vulnerability was introduced in the mail filtering service, and what changes were made to prevent similar incidents in the future.
This case was a good reminder for all service providers in cyberspace of the importance of a comprehensive approach to security, as well as the need for constant monitoring and auditing of their systems.
