
As if being unemployed weren’t bad enough, thousands of Californians who posted their resumes to the official state job website, CalJobs, have had their identities compromised through a massive security breach in the system. According to a report from San Francisco’s CBS5, the breach was first noticed by Tom Diederich, a former reporter for Computer World Magazine.
“I filled out my employment history and I saved it,” said Diederich, who bookmarked it for future reference.
But the next day when he clicked back in he said, “I saw someone else’s information. I saw their name, where they live, their email, their phone number. I was shocked, really.”
And the next time, again? “I got a different person’s information,” said Diederich. “There was probably about 5 or 6 different times that I have seen it. It was more frightening because I said ‘Who’s seeing my information?’”
After alerting the state, and receiving no response, Diederich still noticed the problems, so CBS5 began their own investigation. The results were eye-opening.
CBS 5 asked UC Berkeley computer science professor and privacy expert Doug Tygar to take a look at Diederich’s problem. He said, “I consider that to be a serious security breach.”
But it turns out it was not the only one. Just moments after beginning his examination of that website, using Diederich’s web link, Tygar was able to get into the site and look at other applicants’ supposedly private data. “I was able to access other people’s personal information including their address, their phone numbers, email, personal details,” Tygar said.
All by just changing a few numbers in the URL. In fact, Tygar even found he was able to go in and change information on people’s resumes. “I would in fact have been able to go through and change that if I were a malicious attacker,” he said.
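The flaw described above, where changing a number in the URL returns or edits another applicant’s record, comes down to a missing server-side ownership check. The added example below is not CalJobs code and does not come from the CBS report; the record fields, IDs and function names are hypothetical and the data is constructed. It shows the unchecked lookup beside a version that authorizes both reads and updates against the logged-in user.

```python
# Constructed example: names, fields and records are hypothetical, not CalJobs code.
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the session user does not own the requested record."""


@dataclass
class Resume:
    owner: str    # account that created the record
    phone: str
    address: str


# Constructed sample data, keyed by a sequential numeric ID as it would appear in a URL.
RESUMES = {
    1001: Resume("alice", "555-0100", "1 Example St"),
    1002: Resume("bob", "555-0101", "2 Example Ave"),
}


def view_resume_vulnerable(session_user: str, resume_id: int) -> Resume:
    # Trusts the ID taken from the URL: any logged-in user receives any record.
    return RESUMES[resume_id]


def load_owned(session_user: str, resume_id: int) -> Resume:
    # Server-side authorization: the record must belong to the session user.
    # Unknown and foreign IDs fail identically, so errors do not reveal which IDs exist.
    resume = RESUMES.get(resume_id)
    if resume is None or resume.owner != session_user:
        raise Forbidden(f"{session_user!r} may not access resume {resume_id}")
    return resume


def view_resume(session_user: str, resume_id: int) -> Resume:
    return load_owned(session_user, resume_id)


def update_phone(session_user: str, resume_id: int, phone: str) -> Resume:
    # Writes go through the same check as reads.
    resume = load_owned(session_user, resume_id)
    resume.phone = phone
    return resume
```
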
Can you imagine the field day that cybercriminals could have with the kind of information available on a resume? There are phone numbers, e-mail addresses, home addresses; it would be like hitting the jackpot for identity thieves.
While it’s disappointing that the California state government would allow such a glaring security breach in their website, it’s not exactly surprising. Any system that grows to the size of CalJobs, which hosts hundreds of thousands of resumes, is bound to have some security issues. The real problems come when the administrators of the site are either unable or too slow to resolve the problems when they are brought to their attention. According to the CBS article, the original glitch Diederich found has been fixed, but their team is still actively searching for other loopholes.