Hackers use government jobs site to steal your data
After a new government jobs website was compromised by hackers and investigation found major security flaws!
Hackers have obtained the personal details of innocent job seekers when they were taken from the government’s Universal Jobmatch website. The leaked data includes passwords, national insurance numbers and even scans of passports.
The new site allows jobcentre staff to monitor the activity of jobseekers, checking what jobs have been applied for and suggesting new jobs. But there are no security checks performed on the people who post jobs, so the Channel 4 investigation was able to register as an employer in minutes.
Using clearly false details the hackers registered as an employer and gained access to the site posting a fake ad for a cleaning job which went live seemingly unvetted.
They were then able to quickly harvest personal information including passwords and passport and driving licence scans that can be used to for identity fraud or allow them to illegally access email and even online bank accounts of applicants.
The hacking group explained that with information like this a number of options were open to them to use this information for criminal ends, including: selling data on “darknet forums”, obtaining prepaid debit cards or insolvency bank accounts, verifying and stealing funds from Paypal and taking out payday loans.
The hackers also claimed they could now hijack other accounts as many of the passwords they obtained from their fake ad also work for the victims’ email, eBay and Paypal accounts.