Computer experts said it would be very simple for anyone with technical knowledge, who was so inclined, to work back from that e-mail into the user's Talk21 account, as in the original security breach.
BT has bungled fixing a serious internet security flaw, adding to the concerns of customers at its free e-mail service, Talk21.
It meant that Talk21 e-mail accounts were vulnerable to unauthorised access, without any hacking, through a quirk of software computer experts described as "obvious" and "simple to prevent".
On Friday morning, BT claimed it had installed a "patch" for the problem, but in fact it had not solved it at all.
New flaw
Originally, anyone monitoring visitors to their own website using certain software could, with one click, find themselves given full access to private Talk21 e-mail accounts.
After the patch, they would find they were instead shown the private e-mail containing the hyperlink which the Talk21 account holder had used to visit their website.
In other words, it was still a serious breach of security.
Computer experts said it would be very simple for anyone with technical knowledge, who was so inclined, to work back from that e-mail into the user's Talk21 account, as in the original security breach.
At first, BT spokesman Simon Gordon told BBC News Online the problem had been solved.
However, when the new flaw was explained, he passed the details to BT's technical staff.
"We will have a new patch in place in an hour or so," he said at 1400 GMT, stressing that BT took security issues very seriously.
Hot mail
In the meantime, a number of users have contacted BBC News Online to say how angry they are that BT did not put a statement on the Talk21 website warning account holders of the security risk.
One said: "I was very surprised and disgusted that a company of BT's calibre still had the site available even after the fault was reported by BBC News Online."
Another claimed that users of BT's mobile messaging service, Genie Internet, had been suffering similar security problems for "the best part of a year".
BT's Simon Gordon said an apology and explanation "reassuring users" would be put on the site once the problem was solved.
So far, only the message pictured above has appeared.
He said BT had not put a statement on the site sooner because it felt there was nothing to be gained by alarming account holders when the company had no evidence that any of them had "suffered any damage".
Less than 24 hours ago, the company said it had no evidence of any security breach.