To tell or not to...

  ajm 12:10 PM 26 Nov 10
Locked

To cut a long story short, I have come across a recruitment agency's web-site where it is possible to view candidate's CVs.

Whilst I wish to inform the agency concerned about this, I also do not want to blamed for accessing this.

What is the best way to inform them or just leave it as it and don't bother?

  uk-wizard 17:16 PM 26 Nov 10

Go to a phone box - if you can find one that works - and phone them.

  Forum Editor 18:40 PM 27 Nov 10

is let them know - unless the people concerned have given consent the operators of the site are inadvertently breaching the data protection laws.

No blame can attach to you because you discovered the error.

  ajm 05:37 AM 28 Nov 10

The CV and data can be seen when a certain url is entered for the domain. As the site was designed using opensource software ( Wordpress), and with a bit of knowledge that anyone familiar with WordPress, it was possible to see this data.

I was only able to see the data out of curiosity as I was doing some research for a client of mine who also operates a recruitment agency and I was interested in the source for the web-site and in particular the wordpress plug used.

I am surprised that the web-designers / developers did not set the security of this site. Other sites made by the same company using WordPress seem to be secure.

My own site and a few others I have created were also tested and these are secure.

Advertisement

This thread is now locked and can not be replied to.

Sony Xperia Z5 review: Hands-on with the phone which the Z3+ should have been

1995-2015: How technology has changed the world in 20 years

How to choose a photographer

iPhone 6S preview: What to expect from Apple's next iPhone