Like we pointed out earlier about FBR’s website that was exposing sensitive user data of taxpayers (they later rectified the flaw after we pointed out), this time it’s Punjab Public Service Commission – and situation has only worsen.
Punjab Public Service Commission or PPSC has just opened the doors for everyone to find every nitty-gritty details of hundreds of thousands of candidates applying for recently advertised lectureship jobs.
Anyone can freely access following details of all the candidates that applied for lectureship jobs:
- Candidate’s picture
- Full Name
- Father’s Name
- Complete Address
- Mobile/Landline Number
- Email Address
- Academic Record
- Earlier Jobs, Experiences,
- and much more
Just to tell you a little background, PPSC recently announced more that 2000 male and female jobs of lectureship in Punjab Education Department. This time they set it compulsory for the candidates to apply online.
Although this was to facilitate the candidates but whole data of candidates was published online and anyone can access it without any password or authentication.
By the way there are hundreds of thousands of candidates who applied (imagine there were 2000 job posts) and all their private data is exposed to everyone. Situation is alarming particularly in case of females, who are estimated to share 50 percent total count.
We aren’t publishing the loophole that can reveal the user data (keeping in view that this may expose hundreds of thousands of individuals), but Punjab Public Service Commission must act immediately to undo it’s heinous blunder.
Adopting latest technologies is good but these government institutes should secure the private details by passwords or by any other means of authorization.
Just have a look at following screenshot that we took, and no password or username whatsoever was required to access this female candidate’s data, even worse, list of all the candidates that applied is available online, probably the worst privacy nightmare for any organization.
Thanks to Usman for tipping