Recruitment website with insecure login page and job application form
What is the problem?
Account registration, user name and password, job applications, and CV all sent via insecure connection.
Website Terms & Conditions page claims they take “all due care in ensuring the privacy and integrity of the information you provide” and disclaims all liability.
Prior to public disclosure, notification about any privacy or security issues discovered were sent by email to the operator of this website on 17th August 2015, using either an email address publicly discoverable on the site, or the RFC 2142 standards compliant address "webmaster@..." if no public email address was provided.
At time of posting the issue had not yet been resolved.