Universal Jobmatch, a website recently launched by the UK government for job seekers on direct.gov.uk, has been found to contain a vulnerability that could be leveraged by cybercriminals to harvest all sorts of sensitive information.
According to Channel 4, a hacker group noticed that it could sign up on the site as an employer without much difficulty because no checks had been put in place to verify employers.
They posted a fake job ad and managed to collect the personal details of over 70 individuals, including copies of their passports, passwords and scans of their driver’s licenses.
The information could be highly valuable for identity thieves and other types of fraudsters.
After learning of the security hole, representatives of the Department of Work and Pensions said that the site clearly advises jobseekers not to give out personal details. They also claim to have implemented additional checks to prevent such incidents.