I was teasing this scoop last week, and only held publication of it until the company confirmed it had addressed the problem:
The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade's worth of its internal email -- and that of thousands of Securence clients -- in plain text out on the Internet and just a click away for anyone with a Web browser.
https://krebsonsecurity.com/2024/02/u-s-internet-leaked-years-of-internal-customer-emails/
There are a lot of jaw-dropping moments in this story. Here's one: Incredibly, included in this giant index of U.S. Internet customer emails were the internal messages for every current and former employee of U.S. Internet and its subsidiary U.S. Wireless. Since that index also included the messages of U.S. Internet’s CEO Travis Carter, KrebsOnSecurity forwarded one of Mr. Carter’s own recent emails to him, along with a request to understand how exactly the company managed to screw things up so spectacularly.
BTW, I forgot to mention this in the story, but that US Internet web page in the screenshot shows this -- they weren't even using SSL. Worse, there were probably well more than 6,500 business customers exposed, because you got a slightly different set of customers by changing a number in the URL up or down.
