To tell or not to...

  ajm 12:10 26 Nov 2010

To cut a long story short, I have come across a recruitment agency's web-site where it is possible to view candidate's CVs.

Whilst I wish to inform the agency concerned about this, I also do not want to blamed for accessing this.

What is the best way to inform them or just leave it as it and don't bother?

  Forum Editor 18:40 27 Nov 2010

is let them know - unless the people concerned have given consent the operators of the site are inadvertently breaching the data protection laws.

No blame can attach to you because you discovered the error.

  ajm 05:37 28 Nov 2010

The CV and data can be seen when a certain url is entered for the domain. As the site was designed using opensource software ( Wordpress), and with a bit of knowledge that anyone familiar with WordPress, it was possible to see this data.

I was only able to see the data out of curiosity as I was doing some research for a client of mine who also operates a recruitment agency and I was interested in the source for the web-site and in particular the wordpress plug used.

I am surprised that the web-designers / developers did not set the security of this site. Other sites made by the same company using WordPress seem to be secure.

My own site and a few others I have created were also tested and these are secure.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Huawei Mate 30 Pro Review: Hands-on

Fred Deakin on creating the artwork for his sci-fi rock opera The Lasters

Best iOS 13 features: What does iOS 13 do

Les meilleures enceintes connectées avec écran tactile (2019)