asian new zealand IT


IHUG's web based email has security hole that exposes user password

, posted: 19-Oct-2007 11:37

Apparently IHUG’s web based email has a security flaw that exposes user password. I got this story from a customer of IHUG who found this problem. He warned IHUG about this weeks ago but instead IHUG told him that it is just a problem unique to him. Recently, more people in the mailing list have confirmed that they have the same problem.

I have just contacted IHUG via their website about this. I hope they don’t just ignore it like what they did to the person who found this problem.

More information

Other related posts:
Food delivery Auckland
php phd
Pizza King (Wellington)






Comment by sbiddle, on 19-Oct-2007 12:16

I had an experience with an online store several months ago that sells laptop accessories and batteries in NZ. I realised that it was very easy to simply changing the xxxx.php?userid=1234 to something else that anybody could view any customers account details, address, email and phone numbers. Their response to several emails that I sent them? Absolutely nothing and the flaw still exists. While I experienced great customer service from them on the several occasions I ordered stuff I certainly won't be doing business with them again.


Comment by The team at ihug, on 19-Oct-2007 13:40

A big thanks to those who contacted us directly about this - our engineers are aware of the issue and it will be fixed within the next hour. ihug usernames and passwords were not visible on the page however if you clicked 'view source' after logging in via the homepage or my ihug page, then these were displayed in the source information. This issue didn't occur if you logged in directly using the webmail login page (https://webmail.ihug.co.nz/). We sincerely apologise for this and once again, thank those who alerted us. Please be assured this issue won't recur. Cheers, The team at ihug


Add a comment

Please note: comments that are inappropriate or promotional in nature will be deleted. E-mail addresses are not displayed, but you must enter a valid e-mail address to confirm your comments.

Are you a registered Geekzone user? Login to have the fields below automatically filled in for you and to enable links in comments. If you have (or qualify to have) a Geekzone Blog then your comment will be automatically confirmed and shown in this blog post.

Your name:

Your e-mail:

Your webpage: