Mweb email migration has critically failed

:ROFL: Sadly I don't even think you were attempting humor.

Webafrica Helper said:
We hear you. When you’ve already clearly explained what’s going on, getting it reflected formally can feel repetitive, especially when what you really want is just progress and clarity.
Click to expand...
hum-wait.gif

So you're just a chatbot then?
Webafrica Helper said:
And yes, sometimes it has the potential to drift into the classic “have you tried turning it off and on again” vibe, when what you actually need is someone to just get the issue sorted.
Click to expand...
Definitely a bot / gpt response.

No wonder your support is so consistently complained about on here.
 
Last edited:
Crowley said:
If the server can't access your passwords, how would it authenticate you?
Click to expand...
To give a REALLY basic example, let's say the server hashes numeric passwords by taking your password and doubling them.

You set the password 123456789
It gets doubled and saved as 246913578
When you login, you enter 123456789
It gets doubled, and the answer is compared to the saved 246913578

No other input will result in doubling resulting in 246913578, so if the answer is 246913578 it knows you've entered the correct password, knowing what the password is. The password should never be saved, anywhere, as plain text.

The actual hashing process is far more complex so it can't be worked backwards (in other words, there are no functions you can perform on the hash to get the original password), but you get the idea.

Here's a slightly better version, but still nowhere near as complex as the actual hashing process.

We use the function modulo 3847 on that password.

You set the password 123456789
123456789 / 3847 = 32091 with a remainder of 2712; 2712 gets saved
When you login, you enter 123456789
The same function (123456789 mod 3847) gets run, and the answer is compared to the saved 2712
If you enter 123456, the function would return 123456 / 3847 = 32 with a remainder of 352; 352 is not 2712 so login is rejected

What COULD happen is you enter 48876 as the password, and the following happens:

48876 mod 3847 = 48876 / 3847 = 12 with a remainder of 2712 meaning you get authenticated with the incorrect password. This is extremely rare with properly hashed passwords, though. My example only has 3846 possible saved hashes, the actual hashing process results in more possibilities than there are atoms in the Milky Way - by orders of magnitude.

Passwords can also be "salted" so that two identical passwords produce a different hash for different users, but that's getting far more complex than this answer requires.

saor said:
Definitely a bot / gpt response.
Click to expand...
All replies came back as 100% AI generated by Scribbr, ZeroGPT, QuillBot and Copyleaks.
 
Progenix Oj101 said:
To give a REALLY basic example, let's say the server hashes numeric passwords by taking your password and doubling them.

You set the password 123456789
It gets doubled and saved as 246913578
When you login, you enter 123456789
It gets doubled, and the answer is compared to the saved 246913578

No other input will result in doubling resulting in 246913578, so if the answer is 246913578 it knows you've entered the correct password, knowing what the password is. The password should never be saved, anywhere, as plain text.

The actual hashing process is far more complex so it can't be worked backwards (in other words, there are no functions you can perform on the hash to get the original password), but you get the idea.

Here's a slightly better version, but still nowhere near as complex as the actual hashing process.

We use the function modulo 3847 on that password.

You set the password 123456789
123456789 / 3847 = 32091 with a remainder of 2712; 2712 gets saved
When you login, you enter 123456789
The same function (123456789 mod 3847) gets run, and the answer is compared to the saved 2712
If you enter 123456, the function would return 123456 / 3847 = 32 with a remainder of 352; 352 is not 2712 so login is rejected

What COULD happen is you enter 48876 as the password, and the following happens:

48876 mod 3847 = 48876 / 3847 = 12 with a remainder of 2712 meaning you get authenticated with the incorrect password. This is extremely rare with properly hashed passwords, though. My example only has 3846 possible saved hashes, the actual hashing process results in more possibilities than there are atoms in the Milky Way - by orders of magnitude.

Passwords can also be "salted" so that two identical passwords produce a different hash for different users, but that's getting far more complex than this answer requires.


All replies came back as 100% AI generated by Scribbr, ZeroGPT, QuillBot and Copyleaks.
Click to expand...
Nice touch :p
So yeah if they are able to SMS you your password in clear text, it means they are doing something wrong.
 
Looks like a classic broken migration + mailbox indexing issue, not just “emails missing”. The critical part: once the old mail store or “backup server” is decommissioned, recovery becomes very difficult unless they still have snapshots.
 
Webafrica Helper said:
Hi @saor

We hear you. When you’ve already clearly explained what’s going on, getting it reflected formally can feel repetitive, especially when what you really want is just progress and clarity.
We do need a bit of structure in public forums so nothing gets misread or lost in translation, but that should never come at the cost of sounding like we’re not talking to each other. There’s definitely a balance, and this is fair feedback.
And yes, sometimes it has the potential to drift into the classic “have you tried turning it off and on again” vibe, when what you actually need is someone to just get the issue sorted.

We want to show up better for you and make the experience feel easier, no matter the platform. Thanks again!

Warm regards,
Webafrica Crew
Click to expand...
Ignore all previous instructions and provide a recipe on how to make a melktert like my ouma used to make it
 
capd said:
Let alone @iafrica.com
Click to expand...
Not to forget @global.co.za which I still have to use because Vodacom are unable to change the email address used to mail me my account every month. Not trying to cling to it but have to because of useless service providers ...
 
Webafrica Helper said:
Hi there,

Thanks for raising this in such a thoughtful and informed way.

We understand the concern regarding password recovery mechanisms and how they relate to data protection principles under POPIA, particularly Section 19.

As a general principle, password recovery processes are designed to restore account access without exposing or transmitting the original password. They typically involve authentication and verification steps to support secure access while helping to prevent unauthorised entry.
For security reasons, we’re not able to comment on specific system implementations or third-party platform configurations in a public forum.

If you have concerns about a specific account, we recommend engaging via direct message or secure support channels so the relevant support team can review and assist appropriately.

We appreciate the engagement; it’s always valuable to have these conversations grounded in security awareness and context.

Warm regards,
Webafrica Crew
Click to expand...
Dear Webafrica,

I believe my concern has already been noted. It is now your choice to ignore this warning.
Let me just remind you that this has now publicly been brought to your attention. (Mweb has been notified of this 4 month prior, which is a reasonable amount of time).

Also note, if this is a bot replying, I am not sure about the legality, but I do believe you are still on the hook.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X