Hackers access government website to highlight security flaws

It has been revealed that computer hackers have been able to get hold of the personal details belonging to dozens of job seekers on the government run Universal Jobmatch website and have said that they did it purely to highlight the vulnerability of the website. The data they have been able to access includes national insurance numbers, passwords and even scanned images of passports.

This is a new website staff at jobcentres to monitor the activity of those claiming benefit to ensure that they have been applying for jobs, which is a condition of many benefits, and also to suggest possible jobs for them. The problem is that there are no security checks done on anyone posting a job vacancy, and an investigation into the site allowed a fake employer to register on the site within minutes.

The hackers posted a fake ad in their bid to highlight how weak the security was on the site in terms of protecting users from identity theft, and through this ad were able to gain the personal details of the 70 people who applied for the job. The hackers used details that were clearly false to first register with the site and then post the fake ad which was for a cleaning position, and this ad went live without any vetting.

After that it took them very little time to harvest applicants personal info which included scans of both passports and driving licences which were sent freely as proof of ID. With identity theft being the biggest cyber crime around, it is unbelievable that such a website would leave its users open to such misuse of their data, and Channel 4 News have now made sure that the information commissioners office is aware of the problem so it can be fully investigated.