Vox has fixed an issue with an email relay server which resulted in email addressed accidentally being exposed.
The head of Vox Managed IT, Barry Kemp, said Vox Managed Services uses an email relay server to deliver emails for a small number of customers “in order to ensure that their emails are reliably delivered and not marketed as spam by other ISPs”.
“Under normal circumstances, HTTP access is blocked to this server in order to secure it,” said Kemp.
“During the process of a service improvement project to monitor volumes and reduce spam, HTTP was activated to enable engineers to monitor using a third-party tool.”
The unintended consequence was that “sent to” email addresses of up to 44 customers were accidentally exposed.
“This was escalated to our Network Security Officer and HTTP access has been disabled with immediate effect.”
Vox said it is grateful to the individual who highlighted the vulnerability.
“We would like reiterate that only sender email addresses were exposed, and not email content, attachments, or any other critical customer data.”