Industry News

Flaw in E-mailing System Exposes Millions of Mexicans

A massive numbers of Prodigy subscribers in Mexico have had their email conversations exposed overnight because of a security flaw in the company’s mobile e-mail and web-based mail systems.

According to a news report by El Economista, the flaw allowed search engines to simply index private conversations and list them on the World Wide Web in search results.  At the moment, security specialist Ken Westin, who discovered the flaw, estimates that several thousand e-mail accounts registered on and several other domains have been exposed.

According to the same expert, Prodigy is the main Internet Service Provider in Mexico and holds an estimated market share of 92%

“Once a user logs into their account, anyone can access that users account via the URL, with no additional authentication required,” said Westin. “Having access to the URL granted anyone full access to that person’s email account, all emails sent and delivered to that person as well as the ability to send email on that person’s behalf.”

The issue was disclosed upon discovery, and the researcher notified Google to flush the indexed pages from its cache.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.