[LINK] FW: Job website's data bungle
Jan Whitaker
jwhit at janwhitaker.com
Mon Jun 25 15:24:23 AEST 2007
>http://www.smh.com.au/news/security/job-websites-data-bungle/2007/06/24/1182623749129.html
>
Looks like server side needs a bit of work, too:
Stephen Hutcheon
June 25, 2007 - 10:12AM
Confidential data including names, email addresses and passwords of
clients of News Digital Media's CareerOne online employment business
have been accidentally exposed on the web.
The information is part of CareerOne's customer relationship
management database and although some of the data dates back to
2000-01, many of the 30-plus files that have been compromised could
contain more current details.
The details include comments about clients made by CareerOne account
executives, some of which are highly unflattering. In one case, a
client is referred to as a "retard" and in another a client is called
a "lazy good for nothing".
Every file on the master page shows the "last modified" time and date
as being at "00:45:52 GMT" on Monday, May 28, 2007, suggesting that
they have appeared in this visible state for almost a month.
CareerOne was not aware of the security breach until this morning
when they were informed and asked for a comment. The web page was
subsequently taken down.
[snip]
Jan Whitaker
JLWhitaker Associates, Melbourne Victoria
jwhit at janwhitaker.com
business: http://www.janwhitaker.com
personal: http://www.janwhitaker.com/personal/
commentary: http://janwhitaker.com/jansblog/
Writing Lesson #54:
Learn to love revision. Think of it as polishing the silver for
guests. - JW, May, 2007
'Seed planting is often the most important step. Without the seed,
there is no plant.' - JW, April 2005
_ __________________ _
More information about the Link
mailing list