Security error bares millions of Mexicans’ private emails
Insider attack; User accounts compromised; Software vulnerability
Prodigy subscribers in the country had the content of their messages exposed because of a security flaw in the company’s mobile email and webmail systems.
According to a news report by El Economista, the bug permit search engines to index confidential conversations and list them in Google and other Web search results.
Prodigy is the main Internet Service Provider in Mexico and holds an estimated market share of 92%.
“Once a user logs into their account, anyone can access that users account via the URL, with no additional authentication required,” said security specialist Ken Westin, who discovered the flaw. “Having access to the URL granted anyone full access to that person’s email account, all emails sent and delivered to that person as well as the ability to send email on that person’s behalf.”
Google was immediately notified to flush the indexed pages from its cache.
Telecommunications; Web Services
August 7, 2013
Hot for Security
Link to report
Several thousand email accounts
location of breach
location of perpetrators
date breach occurred
date breach detected