25-10-2016, 23:07
|
#1
|
CF's Worst Nightmare
Join Date: May 2012
Location: Probably outside the M25
Services: Sky Fibre Unlimited 40/10
Posts: 3,473
|
50,000 CVs sent to Virgin Media UK Exposed on internet
Looks like someone forgot to disable directory browsing on the web server, allowing anyone to remove part of the url and then see all the uploaded CV's.
Quote:
Virgin Media has shuttered a kindergarten-grade bug in a third party website that exposed up to 50,000 résumés it's received over the years, complete with names, street and email addresses of applicants.
The vulnerability was due to entirely absent access controls on a public server to which applicants were directed to upload their résumés.
British student hacker Alikhan Uzakov (@alikhan_uzakov) found he was able to peruse the entire directory without restraint or being challenged to log in.
"About 30,000 to 50,000 applications, past and present, were accessible," Uzakov says in a blog.
"Personal information including telephone numbers, emails, where someone lives, and other details were out there in the open: my personal information was exposed as well
|
Full Story: http://www.theregister.co.uk/2016/10...50000_resumes/
|
|
|