recommended reading

Threatwatch

Security error bares millions of Mexicans’ private emails

Insider attack; User accounts compromised; Software vulnerability

Prodigy subscribers in the country had the content of their messages exposed because of a security flaw in the company’s mobile email and webmail systems.

According to a news report by El Economista, the bug permit search engines to index confidential conversations and list them in Google and other Web search results. 

Prodigy is the main Internet Service Provider in Mexico and holds an estimated market share of 92%.

“Once a user logs into their account, anyone can access that users account via the URL, with no additional authentication required,” said security specialist Ken Westin, who discovered the flaw. “Having access to the URL granted anyone full access to that person’s email account, all emails sent and delivered to that person as well as the ability to send email on that person’s behalf.”

Google was immediately notified to flush the indexed pages from its cache.

sector

Telecommunications; Web Services

reported

August 7, 2013

reported by

Hot for Security

number affected

Several thousand email accounts

location of breach

Mexico

perpetrators

Employee

location of perpetrators

Mexico

date breach occurred

August 2013

date breach detected

August 2013