CBS 5 exposed a “gaping hole” in the code of California’s state-run employment website that allows anyone who views the site to access and modify other users’ resumes and personal info simply by changing some numbers in the URL.
CBS 5 spoke with a man who had uploaded his resume to CalJOBS, the state jobs website where residents must register in order to receive unemployment benefits. The man bookmarked the URL where his data was, but each subsequent time he viewed the link, he saw different users’ information, including addresses, employment history, and other information that could easily be used by identity thieves.
After CBS 5 showed the glitch to a computer security expert, they discovered that it was possible to modify other people’s resumes.
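The report does not show CalJOBS's code. As an added example (not from CBS 5 or the state), this Python shows the class of flaw described, a record fetched and updated by a number taken from the URL with no check on who owns it, beside the same handler with that check. The `/resume/<id>` route shape, the function names and the sample records are all assumptions constructed for illustration.

```python
# Constructed sample data; the /resume/<id> route and every name are assumptions.
RESUMES = {
    1001: {"owner": "alice", "text": "Alice - welder, Fresno"},
    1002: {"owner": "bob", "text": "Bob - clerk, Sacramento"},
}

def _resume_id(path):
    """Parse '/resume/<digits>' and return the integer id, or None."""
    parts = path.strip("/").split("/")
    if len(parts) == 2 and parts[0] == "resume":
        if parts[1].isascii() and parts[1].isdigit():
            return int(parts[1])
    return None

def handle_vulnerable(session_user, method, path, body=None, store=RESUMES):
    """Flawed pattern: any logged-in user reaches any record by its id."""
    if session_user is None:
        return 401, None
    rid = _resume_id(path)
    if rid not in store:
        return 404, None
    if method == "POST":
        store[rid]["text"] = body  # write happens with no ownership check
    return 200, store[rid]["text"]

def handle_hardened(session_user, method, path, body=None, store=RESUMES):
    """Same route, but the record must belong to the session's user."""
    if session_user is None:
        return 401, None
    record = store.get(_resume_id(path))
    # Missing and foreign records get the same answer, so the response
    # does not confirm which ids exist.
    if record is None or record["owner"] != session_user:
        return 404, None
    if method == "POST":
        record["text"] = body
    return 200, record["text"]
```

The owner comes from the server-side session, never from the URL or request body, and the check runs on reads as well as writes.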
California says they’ve since fixed the glitch and are going through the site to make sure there aren’t any more giant security liabilities. We’re glad it’s back up, as there are probably a few former state IT workers who need unemployment benefits.
Security Flaws Discovered in California EDD Website [CBS 5]