Dan Egerstad says he accidentally stumbled onto the problem and made passwords and other details of those accounts public to highlight the security risk.
Egerstad told RFE/RL's Uzbek Service that he decided to publicize the problem because contacting all the affected groups personally would have been a huge task.
He released addresses and passwords on a blog (http://www.derangedsecurity.com) from the list of easily compromised accounts, which included accounts from Indian, Pakistani, Uzbek, and Kazakh embassies and other government institutions.
In fact, the list included 26 embassies and six consulates of Uzbekistan alone. Ten accounts belonged to the Kazakh Embassy in Russia, according to a technology-based website, techworld.com, that covered the story.
They also included Chinese human-rights groups and one of Tibetan spiritual leader Dalai Lama's liaison offices. Exposing Security Flaws
Egerstad says that the only officials who have contacted him from the embassies or governments involved are Iranians, including the Iranian Embassy in Stockholm.
"They pretty much said, 'Thank you.' The Indians, they were kind of pissed," Egerstad says. "No one wanted to talk to me except Iran."
Egerstad says the affected governments are merely those using software that is susceptible to the hack that he discovered.
He says that after he accidentally uncovered the flaw, those vulnerable accounts were like an open book.
Egerstad has stressed that he never actually opened the correspondence, so as to avoid breaking the law. He said he released the information to shed light on security problems to allow the groups involved to fix them.
"After they calm down a little bit and get over the first shock, they will realize I didn't do this to hack into their system or anything like that, I did it because they have a major problem," Egerstad says.
Egerstad lives in Malmo, in southern Sweden, and describes himself as a security specialist who works for Danish and Swedish companies. But he also says the discovery did not even require much expertise.
"This is very, very easy," he says. "If only I could do this or the best computer people in the world could do this, then it wouldn't be a problem. The problem is that anyone can do this. Give me two minutes [and] I can teach anyone to do this."Could Egerstad Face Legal Problems?
It is unclear whether authorities are considering any measures against Egerstad.
But a Swedish national security officer who asked not to be identified suggested to RFE/RL's Uzbek Service that sharing the sensitive information involved in the hack with other Internet users might be prosecutable.
"It is one thing to imagine that evil hackers can find information themselves, [and] another thing [when] somebody publishes it for them," says Per Hellqvift, a security expert at Symantec AB, a company that specializes in computer-protection software.
"They can do quite a [lot of] damage with this kind of information," Hellqvift adds. "They can read the e-mails being sent from this e-mail address from certain embassies and they can also send the e-mails [pretending to be] an embassy employee."
Hellqvift warns that Egerstad might be "heading into trouble" if he continues with such unorthodox techniques.
But Egerstad insists that he simply happened across a problem and acted in a way that allows the holders of those affected to correct the flaw. He says he only wants to help people correct a problem that could cause serious damage to their interests.
BLOCKED SITES: Iran's state Information Technology Company announced in September 2006 that more than 10 million websites were being "filtered" in Iran. They included the following, organized by category.
Forums, Sharing, and Entertainment:
The Google-owned Internet social network system www.orkut.com
The video-sharing website www.youtube.com
The photo-sharing website and web services www.flickr.com
The Kurdish version of Wikipedia's online encyclopedia www.en.wikipedia.org/wiki/Kurdish
Social and Human Rights:
London-based www.amnesty.org, one of the world's leading human rights defenders
New York-based Human Rights Watch www.hrw.org, also one of the leading human rights defenders in the world
The Paris-based Reporters Without Borders www.rsf.org, a leading media watchdog
The official website of the Tahkim Vahdat Organization, the largest reformist university organization in Iran www.advarnews.us. The group covers news concerning student activism in Persian
The www.gozaar.org website, a monthly Persian-English journal devoted to democracy and human rights
The www.meydaan.com website, a Persian site dedicated to women's rights and activism in Iran
News and Politics:
The Prague- and Washington-based www.radiofarda.com, a joint venture of RFE/RL and VOA covering news in Persian
The Persian service of the London-based BBC www.bbc.co.uk/persian
The Persian service of the Washington-based Voice of America www.voanews.com/persian
The Amsterdam-based www.radiozamaneh.com, which covers news in Persian
The pro Islamic Republic Tehran based www.baztab.ir covering political and social issues
Brussels-based www.gooya.com, featuring articles by journalists and political figures
The Amsterdam-based daily journal www.roozonline.com, which features articles and interviews in Persian and English
The Google-owned blog publishing system www.blogger.com
The Harvard-based www.globalvoicesonline.org, a blog that summarizes events in the blogosphere in every corner of world
Numerous personal weblogs from around the world, both in Persian and English, with different views and focusing on different subjects including:
www.doomdam.com (satirical blog)
www.kosoof.com (photo blog)
(source: Radio Farda)