Mweb email migration has critically failed

G

GhostShow

Well-Known Member
Joined
Apr 4, 2020
Messages
138
Reaction score
32
Hi all,

I wished to share how fantastically mweb has failed this (@Webafrica Helper I suggest you guys do something, @Mweb Support @MWEBHelp ).(warning this is a bit of a rant on what happend)

My mom has been an mweb client for over 2 decades, despite me telling her to move.
During the start of the migration her mailbox stopped functioning, no new emails arrived. Mweb told her if there are any missing she needs to log into a test/backup server to mark the ones missing, except that server would not allow her to login. So another support ticket logged, support told us they will look into this. It's now April and nothing has happened. Now the backup server no longer exists and those email are now simply gone. So while there were unresolved issues Mweb still proceeded to shut down the backup and just not care about any problems any clients had.

My email account has lost everything prior to the migration. There is no emails earlier than 2026. So this is a critical data loss they have done via the migration.

Dedicated support line? Sure, spend hours on hold to not get anywhere, or the line gets cut off.

But wait it gets even better. Now according to my knowledge she had a 5Gb mailbox account. Now the account overview shows it's only 2Gb but if you go into the webmail, at the bottom left it shows the amount used 2.6G (97%). 2.6Gb of 2Gb = 97% usage??? How does that math work?
Email also take ages, within the same mweb account between mailboxes it takes around 6 minutes for an email. Using outlook? That takes hours or days to get a new email.

I have also found out that the antispam(which doesn't seem to work and causes us to see the same spam message up to 5 times) service they use, well that sits in Vancouver in Canada, you can see this in the email headers with the IP's, even when sending an email from one mailbox to another mailbox within mweb under the same account.

Previously mweb was also very loose when it came to SMTP authentication and encryption. You could send an email as any mweb account because all of that was optional. So are all the emails now going from the CapeTown server via unecrypted channels to Canada and back?

I am strongly advising my mom to move from Mweb, and I strongly advise everyone else to NEVER use their email services.

Oh not to mention the critical failure of how they store passwords. Mweb can SMS you your password in the clear! Read that again. This means they store the password in the clear, so if that service is breached everyone's passwords are leaked in the clear.
Secondly SMS is not a secure channel to send sensitive information like that.
 
No one here is with Mweb. We all know Mweb, WebAfrica, Telkom, Cell C, Vodacom, MTN, Supersonic are all kak 🤨
 
labratza said:
Do not know how people are still supporting MWEB. Was with them back in the day with big black box but as soon as ADSL came to us we got rid of them
Click to expand...
Legacy ballies unwilling to part with their @mweb.co.za email address.
 
GhostShow said:
Hi all,

I wished to share how fantastically mweb has failed this (@Webafrica Helper I suggest you guys do something, @Mweb Support @MWEBHelp ).(warning this is a bit of a rant on what happend)

My mom has been an mweb client for over 2 decades, despite me telling her to move.
During the start of the migration her mailbox stopped functioning, no new emails arrived. Mweb told her if there are any missing she needs to log into a test/backup server to mark the ones missing, except that server would not allow her to login. So another support ticket logged, support told us they will look into this. It's now April and nothing has happened. Now the backup server no longer exists and those email are now simply gone. So while there were unresolved issues Mweb still proceeded to shut down the backup and just not care about any problems any clients had.

My email account has lost everything prior to the migration. There is no emails earlier than 2026. So this is a critical data loss they have done via the migration.

Dedicated support line? Sure, spend hours on hold to not get anywhere, or the line gets cut off.

But wait it gets even better. Now according to my knowledge she had a 5Gb mailbox account. Now the account overview shows it's only 2Gb but if you go into the webmail, at the bottom left it shows the amount used 2.6G (97%). 2.6Gb of 2Gb = 97% usage??? How does that math work?
Email also take ages, within the same mweb account between mailboxes it takes around 6 minutes for an email. Using outlook? That takes hours or days to get a new email.

I have also found out that the antispam(which doesn't seem to work and causes us to see the same spam message up to 5 times) service they use, well that sits in Vancouver in Canada, you can see this in the email headers with the IP's, even when sending an email from one mailbox to another mailbox within mweb under the same account.

Previously mweb was also very loose when it came to SMTP authentication and encryption. You could send an email as any mweb account because all of that was optional. So are all the emails now going from the CapeTown server via unecrypted channels to Canada and back?

I am strongly advising my mom to move from Mweb, and I strongly advise everyone else to NEVER use their email services.

Oh not to mention the critical failure of how they store passwords. Mweb can SMS you your password in the clear! Read that again. This means they store the password in the clear, so if that service is breached everyone's passwords are leaked in the clear.
Secondly SMS is not a secure channel to send sensitive information like that.
Click to expand...
Hi GhostShow,

Thanks for taking the time to share this. We can understand how frustrating and concerning this experience must be, especially when it involves long-standing accounts and important email history.

We’ve seen that Mweb Support has already responded to your comment on another thread and requested the account holder’s details via DM. This step is important so they can securely verify the profile and access the full history needed to investigate what’s happened properly.

Given the nature of the concerns raised, including mailbox access, migration outcomes, and service behaviour, they will need to conduct a detailed review on their side. Once the details are shared, their team will be in the best position to dig into this thoroughly and work towards a resolution.

We know how important email continuity and reliability are, and situations like this can be incredibly disruptive. The Mweb Support team will do their best to get this addressed as quickly as possible once they have the verified information.

If there’s anything else you’d like Webafrica to guide you on from this side, feel free to send us a DM. We're here for you.

Warm regards,
Webafrica Crew.
 
Webafrica Helper said:
Hi GhostShow,

Thanks for taking the time to share this. We can understand how frustrating and concerning this experience must be, especially when it involves long-standing accounts and important email history.

We’ve seen that Mweb Support has already responded to your comment on another thread and requested the account holder’s details via DM. This step is important so they can securely verify the profile and access the full history needed to investigate what’s happened properly.

Given the nature of the concerns raised, including mailbox access, migration outcomes, and service behaviour, they will need to conduct a detailed review on their side. Once the details are shared, their team will be in the best position to dig into this thoroughly and work towards a resolution.

We know how important email continuity and reliability are, and situations like this can be incredibly disruptive. The Mweb Support team will do their best to get this addressed as quickly as possible once they have the verified information.

If there’s anything else you’d like Webafrica to guide you on from this side, feel free to send us a DM. We're here for you.

Warm regards,
Webafrica Crew.
Click to expand...
Dear Webafrica,

This isn't just beyond frustrating, this is a critical failure of services. Not only is reliability in question here but the security and availability as well. Mweb has failed in all 3 categories. While telling everyone they have a dedicated support team, that did absolutely nothing to resolve this. So I appreciate that you replied, but this is only corporate word salad, until real action is taken and things change. Since Webafrica now owns Mweb, I expect Webafrica to launch an investigation here to address some critical security issues. That is why I have tagged you in here as well.
 
@GhostShow
We completely get why you feel this strongly, especially when it comes to reliability, security, and access to important information.

From our side, we want to make sure this is handled in the right way by the right team that has full visibility of the account and systems involved. Mweb Support has already requested the account holder’s details via DM, and that step is key to enabling a proper, in-depth investigation.

Once those details are shared, their team will be able to securely verify the profile, review the migration history, and assess the concerns you’ve raised in detail. These types of issues often require access to account-level data and logs, which can only be handled through a verified support channel.

We hear your concerns, and the best next step is to continue a DM conversation with @Mweb Support, so they can take this forward and work towards a resolution as quickly as possible.

Warm regards,
Webafrica Crew.




GhostShow said:
Dear Webafrica,

This isn't just beyond frustrating, this is a critical failure of services. Not only is reliability in question here but the security and availability as well. Mweb has failed in all 3 categories. While telling everyone they have a dedicated support team, that did absolutely nothing to resolve this. So I appreciate that you replied, but this is only corporate word salad, until real action is taken and things change. Since Webafrica now owns Mweb, I expect Webafrica to launch an investigation here to address some critical security issues. That is why I have tagged you in here as well.
Click to expand...
 
Last edited:
Webafrica Helper said:
@GhostShow
We really appreciate you taking the time to lay this out so clearly. We completely get why you feel this strongly, especially when it comes to reliability, security, and access to important information.

From our side, we want to make sure this is handled in the right way by the team that has full visibility of the account and systems involved. Mweb Support has already requested the account holder’s details via DM, and that step is key to enabling a proper, in-depth investigation.

Once those details are shared, their team will be able to securely verify the profile, review the migration history, and assess the concerns you’ve raised in detail. These types of issues often require access to account-level data and logs, which can only be handled through a verified support channel.

We hear your concerns, and the best next step is to continue a DM conversation with Mweb Support, so they can take this forward and work towards a resolution as quickly as possible.

Warm regards,
Webafrica Crew.
Click to expand...
One more thing

If a service can SMS you your current password, it means they are storing it in plain text.

Under POPIA, wouldn’t this violate Section 19 (Security measures on integrity and confidentiality of personal information), which requires responsible parties to implement “appropriate, reasonable technical and organisational measures” to protect personal information against unauthorised access or compromise?

Plaintext password storage does not meet this standard. Industry practice is to store passwords using secure hashing (e.g. bcrypt/argon2), making retrieval impossible.
 
GhostShow said:
One more thing

If a service can SMS you your current password, it means they are storing it in plain text.

Under POPIA, wouldn’t this violate Section 19 (Security measures on integrity and confidentiality of personal information), which requires responsible parties to implement “appropriate, reasonable technical and organisational measures” to protect personal information against unauthorised access or compromise?

Plaintext password storage does not meet this standard. Industry practice is to store passwords using secure hashing (e.g. bcrypt/argon2), making retrieval impossible.
Click to expand...
I'm no WMEB/Webafrica fan but the passwords might be encrypted on their servers so nobody can access it in the case of a breach. The service messaging you the password is automated so in theory your password is stored securely on their servers.


In theory.
 
Crowley said:
I'm no WMEB/Webafrica fan but the passwords might be encrypted on their servers so nobody can access it in the case of a breach. The service messaging you the password is automated so in theory your password is stored securely on their servers.


In theory.
Click to expand...
Passwords have to be encrypted using a one way function, because if it can be decrypted by whatever means it means attackers can also decrypt the passwords.
 
GhostShow said:
Passwords have to be encrypted using a one way function, because if it can be decrypted by whatever means it means attackers can also decrypt the passwords.
Click to expand...
If the server can't access your passwords, how would it authenticate you?
 
Crowley said:
If the server can't access your passwords, how would it authenticate you?
Click to expand...
So what you do is when you enter the password, it runs through the some encryption function, and you then compare the hash of that against the stored hash. You never compare the plain text passwords.
So lets say your password is password1234 , it is passed to a function, and then stored as HGAS2342
So when you then enter your password, it passes that function again and produces HGAS2342 again, and that is compared to what is stored.
This way, if the database is compromised, the passwords cannot be reversed from HGAS2342 to password1234
 
CrypticZA said:
No one here is with Mweb. We all know Mweb, WebAfrica, Telkom, Cell C, Vodacom, MTN, Supersonic are all kak
Click to expand...

I still have one email address with them, I never signed up with them but they bought out that host and so they own it.
I still get some mail on that address because some systems just can't seem to change.
Its also over 20 years old... guess its probably coming to an end now
 
GhostShow said:
One more thing

If a service can SMS you your current password, it means they are storing it in plain text.

Under POPIA, wouldn’t this violate Section 19 (Security measures on integrity and confidentiality of personal information), which requires responsible parties to implement “appropriate, reasonable technical and organisational measures” to protect personal information against unauthorised access or compromise?

Plaintext password storage does not meet this standard. Industry practice is to store passwords using secure hashing (e.g. bcrypt/argon2), making retrieval impossible.
Click to expand...
Hi there,

Thanks for raising this.

We can get the concern regarding password recovery mechanisms and how they could relate to data protection principles under POPIA, particularly Section 19.

As a general principle, password recovery processes are designed to restore account access without exposing or transmitting the original password. They typically involve authentication and verification steps to support secure access while helping to prevent any unauthorised entry.
We're sure you agree, for security reasons, we’re not able to comment on specific system implementations or third-party platform configurations in a public forum.

That said, if you have concerns about a specific account, we recommend reaching out to us via direct message or secure support channels so the relevant support team can review and help out.

We appreciate the engagement; to us, it’s always valuable to have these conversations grounded in security awareness and context.

Warm regards,
Webafrica Crew
 
Last edited:
Webafrica Helper said:
Thanks for taking the time to share this. We can understand how frustrating and concerning this experience must be, especially when it involves long-standing accounts and important email history.
Click to expand...

Webafrica Helper said:
We really appreciate you taking the time to lay this out so clearly. We completely get why you feel this strongly, especially when it comes to reliability, security, and access to important information.
Click to expand...

Webafrica Helper said:
Thanks for raising this in such a thoughtful and informed way.

We understand the concern regarding password recovery mechanisms and how they relate to data protection principles under POPIA, particularly Section 19.
Click to expand...
Jinne. Rule 58: Reiterate what the customer just said and express your condolences & understanding.

When you've been talking to someone over multiple posts, you can drop the corporate schtick and just communicate like a normal person. Because honestly - if your communication is already constrained, a person can only wonder at how constrained your ability to help is. It's great that you're on here helping people, but this communication style just comes off as condescending and unnecessary.
 
saor said:
Jinne. Rule 58: Reiterate what the customer just said and express your condolences & understanding.

When you've been talking to someone over multiple posts, you can drop the corporate schtick and just communicate like a normal person. Because honestly - if your communication is already constrained, a person can only wonder at how constrained your ability to help is. It's great that you're on here helping people, but this communication style just comes off as condescending and unnecessary.
Click to expand...
Hi @saor

We hear you. While we do need a bit of structure in public forums so nothing gets misread or lost in translation, that should never come at the cost of sounding like we’re not talking to each other. There’s definitely a balance, and this is fair feedback.
And yes, sometimes it has the potential to drift into the classic “have you tried turning it off and on again” vibe, when what you actually need is someone to just get the issue sorted.

We want to show up better for you and make the experience feel easier, no matter the platform. Thanks for the chance to improve!

Warm regards,
Webafrica Crew
 
Last edited:
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X