Security Fail Exposed Details of Virgin Media’s UK Job Applicants

Mark Jackson reports:

A security flaw in the third-party service that Virgin Media uses to process new job applications could have exposed the personal CV details of between 30,000 and 50,000 people to the Internet.

A student called Alikhan Uzakov discovered the problem while filling out an application form for the operator (like this one).

At this point he was offered the option to upload his CV, but the URL that this generated also revealed the name of a directory (folder) where his CV was being stored.

Alikhan Uzakov said:

“When I opened the directory I was able to see all past and present applications.

Read more on ISPreview.

About the author: Dissent