CBS 5 exposed a “gaping hole” in the code of California’s state-run employment website that allows anyone who views the site to access and modify other users’ resumes and personal info simply by changing some numbers in the URL.
CBS 5 spoke with a man who had uploaded his resume to CalJOBS, the state jobs website where residents must register in order to receive unemployment benefits. The man bookmarked the URL where his data was, but each subsequent time he viewed the link, he saw different users’ information, including addresses, employment history, and other information that could easily be used by identity thieves.
After CBS 5 showed the glitch to a computer security expert, they discovered that it was possible to modify other people’s resumes.
California says they’ve since fixed the glitch and are going through the site to make sure there aren’t any more giant security liabilities. We’re glad it’s back up, as there are probably a few former state IT workers who need unemployment benefits.
Security Flaws Discovered in California EDD Website [CBS 5]
(Photo: Amazon)
Thanks, Matt!
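The class of flaw described above, where a number in the URL selects the record and the server never checks who is asking, shown as an added example (not CalJOBS code; the page does not describe the site's implementation, so the store, user names and IDs are constructed). The unchecked handlers sit beside versions that verify ownership on every read and write.

```python
# Added illustration; names and data are constructed, not CalJOBS code.
from dataclasses import dataclass

@dataclass
class Resume:
    owner: str
    text: str

# Constructed sample data: records keyed by guessable sequential numbers.
RESUMES = {
    1001: Resume("alice", "Alice, 12 Elm St, welder"),
    1002: Resume("bob", "Bob, 9 Oak Ave, accountant"),
}

class NotFound(Exception):
    """Raised for both missing and foreign records, so IDs cannot be probed."""

def view_unchecked(session_user, resume_id):
    # Flawed pattern: the number from the URL is trusted as-is.
    return RESUMES[resume_id].text

def edit_unchecked(session_user, resume_id, new_text):
    # Same flaw on the write path: any visitor can overwrite any record.
    RESUMES[resume_id].text = new_text

def _owned(session_user, resume_id):
    # Authorization on every request: the record must belong to the
    # user bound to the server-side session, never to a URL parameter.
    record = RESUMES.get(resume_id)
    if record is None or record.owner != session_user:
        raise NotFound(resume_id)
    return record

def view_checked(session_user, resume_id):
    return _owned(session_user, resume_id).text

def edit_checked(session_user, resume_id, new_text):
    _owned(session_user, resume_id).text = new_text

if __name__ == "__main__":
    print(view_unchecked("alice", 1002))  # another user's record is returned
    try:
        view_checked("alice", 1002)
    except NotFound:
        print("denied: record 1002 is not alice's")
```

Returning the same error for a missing record and for someone else's record keeps the response from confirming which numbers exist.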







Good thing you’re required to sign up on the website to receive benefits!
Nice picture you got there!
@laserjobs:
Yeah, first thing I thought of when I saw that cover as well.
@laserjobs: One of those hands needs to have a gold wedding ring on it…
@ReverendLoki: Ahh, how to know we’ve been using the internet far too long. LOL
@Batwaffel: Yup, it was the first thing that sprung to mind here, as well. I haz been corrupted by teh interwebs!
@laserjobs: Saw the picture, and forwarded the post to one of my friends. I told her “ignore the content, notice the picture”
@laserjobs:
Me too.
One of the hands needs to have a gold wedding band…
@temporaryerror: It was sold to cash4gold to make up for the unemployment checks. Unfortunately that didn’t work either.
Too distracted by the picture to absorb the article.
Mmmm cable goatse.
oh no you didn’t!!! lol @Matt:
@Matt: Double goatse.
@Matt: I unfortunately saw that for the first time today…
Someone needs to change the cover on the book.
Or not, depending on the intended message.
@Matt:
Having never seen the GOATSE meme before for fear of being grossed out into oblivion, your simple post has now informed me of what it is - through the wonderful visuals of my brain THAT WILL NOT TURN OFF.
I’m going to go cower in the corner for a couple of minutes.
@Matt: [bows head in shame] Yes, that was my first thought, too. This image was brilliantly chosen, and works on so many levels.
@SacraBos: Sadly, that was also my first thought. The internet has ruined my innocence forever.
@Matt: so he had a book in there… wow.
@Matt: It is rather funny (or maybe sad?) that out of all the vast amounts of info on the internet it is things like goatse which will be retained as common knowledge for at least a full generation.
@Naame: LOL isn’t that always the way, though? People always remember the weird/gross/awful stuff.
@HogwartsAlum:
This sounds like an online post where someone said
Q: “I’m bringing my 2 girls to a halloween party, what should I have them bring for halloween?”
A: “One Cup”
Oh that makes me so happy thinking about signing up for my state’s database…
Lovely! About 1/2 the people here are on unemployment right now.
“there are probably a few former state IT workers who need unemployment benefits”
Alex,
Why do you assume a government employee would be held accountable? What about the people who become identity theft victims due to this security flaw? No doubt many will be victims and have no recourse against the state.
Well, that’s mildly horrifying.
I wouldn’t be surprised if that website was a result of low ball contract bidding.
Good, fast, cheap.. pick any two.
Oh California EDD, just when I thought you couldn’t be more incompetent…
This was not a glitch. Some designer had to have seen this somewhere along the way and realized it’s not worth going through the trouble and fixing it. That’s pretty much the story of my life.
A painful 4-handed goatse. Bad pic.
CalJobs is a pathetic joke.