Cable Forum

Cable Forum (https://www.cableforum.uk/board/index.php)
-   Virgin Media News Discussion (https://www.cableforum.uk/board/forumdisplay.php?f=10)
-   -   50,000 CVs sent to Virgin Media UK Exposed on internet (https://www.cableforum.uk/board/showthread.php?t=33703851)

Qtx 25-10-2016 23:07
50,000 CVs sent to Virgin Media UK Exposed on internet
 
Looks like someone forgot to disable directory browsing on the web server, allowing anyone to remove part of the url and then see all the uploaded CV's.

Quote:
Virgin Media has shuttered a kindergarten-grade bug in a third party website that exposed up to 50,000 résumés it's received over the years, complete with names, street and email addresses of applicants.

The vulnerability was due to entirely absent access controls on a public server to which applicants were directed to upload their résumés.

British student hacker Alikhan Uzakov (@alikhan_uzakov) found he was able to peruse the entire directory without restraint or being challenged to log in.

"About 30,000 to 50,000 applications, past and present, were accessible," Uzakov says in a blog.

"Personal information including telephone numbers, emails, where someone lives, and other details were out there in the open: my personal information was exposed as well
Full Story: http://www.theregister.co.uk/2016/10...50000_resumes/

pip08456 26-10-2016 01:38
Re: 50,000 CVs sent to Virgin Media UK Exposed on internet
 
Quote:
Originally Posted by Qtx (Post 35865724)
Looks like someone forgot to disable directory browsing on the web server, allowing anyone to remove part of the url and then see all the uploaded CV's.



Full Story: http://www.theregister.co.uk/2016/10...50000_resumes/
He should take them to court for breaching the data protection act.


All times are GMT +1. The time now is 08:23.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2025, vBulletin Solutions Inc.
All Posts and Content are © Cable Forum