State Job Website Has Great Opportunities For Self-Starting Identity Thieves

CBS 5 exposed a “gaping hole” in the code of California’s state-run employment website that allows anyone who views the site to access and modify other users’ resumes and personal info simply by changing some numbers in the URL.

CBS 5 spoke with a man who had uploaded his resume to CalJOBS, the state jobs website where residents must register in order to receive unemployment benefits. The man bookmarked the URL where his data was, but each subsequent time he viewed the link, he saw different users’ information, including addresses, employment history, and other information that could easily be used by identity thieves.

After CBS 5 showed the glitch to a computer security expert, they discovered that it was possible to modify other people’s resumes.

California says they’ve since fixed the glitch and are going through the site to make sure there aren’t any more giant security liabilities. We’re glad it’s back up, as there are probably a few former state IT workers who need unemployment benefits.

Security Flaws Discovered in California EDD Website [CBS 5]
(Photo: Amazon)
Thanks, Matt!

Comments

Edit Your Comment

  1. valleyval says:

    Good thing you’re required to sign up on the website to receive benefits!

  2. laserjobs says:

    Nice picture you got there!

  3. temporaryerror says:

    One of the hands needs to have a gold wedding band…

  4. ReverendBrown says:

    Too distracted by the picture to absorb the article.

  5. Matt says:

    Mmmm cable goatse.

  6. thisistobehelpful says:

    Oh that makes me so happy thinking about signing up for my state’s database…

  7. SoCalGNX says:

    Lovely! About 1/2 the people here are on unemployment right now.

  8. edrebber says:

    “there are probably a few former state IT workers who need unemployment benefits”

    Alex,

    Why do you assume a government employee would be held accountable. What about the people who become identity theft victims due to this security flaw? No doubt many will be victims and have no recourse against the state.

  9. Chinchillazilla says:

    Well, that’s mildly horrifying.

  10. LatherRinseRepeat says:

    I wouldn’t be surprised if that website was a result of low ball contract bidding.

    Good, fast, cheap.. pick any two.

  11. rockasocky says:

    Oh California EDD, just when I thought you couldn’t be more incompetent…

  12. Brazell says:

    This was not a glitch. Some designer had to have seen this somewhere along the way and realized it’s not worth going through the trouble and fixing it. That’s pretty much the story of my life.

  13. uber_mensch says:

    A painful 4-handed goatse. Bad pic.

  14. wezelboy says:

    CalJobs is a pathetic joke.