Flaw in E-mailing System Exposes Millions of Mexicans
A massive numbers of Prodigy subscribers in Mexico have had their email conversations exposed overnight because of a security flaw in the company’s mobile e-mail and web-based mail systems.
According to a news report by El Economista, the flaw allowed search engines to simply index private conversations and list them on the World Wide Web in search results. At the moment, security specialist Ken Westin, who discovered the flaw, estimates that several thousand e-mail accounts registered on prodigy.net.mx and several other domains have been exposed.
According to the same expert, Prodigy is the main Internet Service Provider in Mexico and holds an estimated market share of 92%
“Once a user logs into their account, anyone can access that users account via the URL, with no additional authentication required,” said Westin. “Having access to the URL granted anyone full access to that person’s email account, all emails sent and delivered to that person as well as the ability to send email on that person’s behalf.”
The issue was disclosed upon discovery, and the researcher notified Google to flush the indexed pages from its cache.