Connect with us

Hi, what are you looking for?


Email Security

Flaw Allowed Hackers to Steal Emails From Verizon Users

A critical vulnerability affecting Verizon’s webmail service could have been exploited by malicious actors to silently forward a targeted user’s emails to an arbitrary address.

A critical vulnerability affecting Verizon’s webmail service could have been exploited by malicious actors to silently forward a targeted user’s emails to an arbitrary address.

Researcher Randy Westergren discovered several vulnerabilities in Verizon’s webmail portal. The most serious of them was related to the feature that allows users to forward all incoming emails to a specified address. When this feature is enabled, the forwarded emails are not shown in the normal Verizon inbox.

Analyzing the request sent when forwarding is activated and the response from the server, the researcher noticed a userID parameter. These types of parameters often introduce insecure direct object reference (IDOR) vulnerabilities, where an attacker can access content they are not authorized to access (e.g. a user account) simply by changing the value of the parameter.

The expert determined that the value of the userID was associated with an internal verizon ID. However, he found a way to look up the internal ID and obtain the mail ID for a specified email address by using a Verizon API.

Using this method, an attacker who possessed a Verizon email account could have substituted the value of the userID in their own request with the ID of a targeted user in order to forward all the victim’s emails to an arbitrary email address.

“Any user with a valid Verizon account could arbitrarily set the forwarding address on behalf of any other user and immediately begin receiving his emails — an extremely dangerous situation given that a primary email account is typically used to reset passwords for other accounts that a user might have, .e.g banking, Facebook, etc,” Westergren said in a blog post.

“Recall that incoming emails would no longer be received by the user’s inbox, so they would be oblivious to such an account compromise — this would also make it much easier for an attacker to go about resetting other passwords since the reset emails would never be received by the victim,” the expert noted.

Advertisement. Scroll to continue reading.

The researcher developed a proof-of-concept (PoC) that he sent to Verizon along with a vulnerability report on April 14. The flaw was patched by Verizon nearly one month later – the telecoms giant attributed the delay to the recent strikes. While analyzing the issue discovered by Westergren, the company identified similar problems in other requests as well.

This is not the first time Westergren has found a serious vulnerability in a Verizon email application. Last year, the expert reported finding a flaw in the Android app for Verizon’s FiOS service. The weakness could have been exploited by malicious hackers to hijack the email accounts of Verizon customers.

Related: Verizon’s Hum Website Found Leaking Credentials

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

After skipping last month, Adobe returned to its scheduled Patch Tuesday cadence with the release of fixes for at least 38 vulnerabilities in multiple...

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.