To tell or not to...

  ajm 12:10 26 Nov 2010

To cut a long story short, I have come across a recruitment agency's web-site where it is possible to view candidate's CVs.

Whilst I wish to inform the agency concerned about this, I also do not want to blamed for accessing this.

What is the best way to inform them or just leave it as it and don't bother?

  uk-wizard 17:16 26 Nov 2010

Go to a phone box - if you can find one that works - and phone them.

  Forum Editor 18:40 27 Nov 2010

is let them know - unless the people concerned have given consent the operators of the site are inadvertently breaching the data protection laws.

No blame can attach to you because you discovered the error.

  ajm 05:37 28 Nov 2010

The CV and data can be seen when a certain url is entered for the domain. As the site was designed using opensource software ( Wordpress), and with a bit of knowledge that anyone familiar with WordPress, it was possible to see this data.

I was only able to see the data out of curiosity as I was doing some research for a client of mine who also operates a recruitment agency and I was interested in the source for the web-site and in particular the wordpress plug used.

I am surprised that the web-designers / developers did not set the security of this site. Other sites made by the same company using WordPress seem to be secure.

My own site and a few others I have created were also tested and these are secure.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

iMac Pro review

Illustrator of witty, relatable Instagram comics Julia Bernhard touches on our humble moments

iMac Pro review

Quelle est la meilleure application de podcast pour Android (2018) ?