Sunday 20 August 2017

Buzzfeed used Jeremy Corbyn’s new website to send a resignation letter from Jeremy Corbyn

New Labour party leader Jeremy Corbyn
New Labour party leader Jeremy Corbyn
Clare Cullen

Clare Cullen

Buzzfeed News discovered a pretty big security flaw in Labour leader Jeremy Corbyn’s new website for the 'People's Movement' grassroots campaign.

The website allows you to send an email to anyone and asks you to enter your email as the address it will show as 'sent from'.

However, a lack of verification checks mean that users can enter in anyone's address - and politicians emails are public information.

Buzzfeed reported Siraj Datoo edited the provided email text to read: "Dear Siraj, I just wanted to let you know that after a successful launch of Momentum, I have decided to step down as leader. Yours, Jeremy".

He then sent the email to himself to test his theory, entering the 'sent from' address as Corbyn's official email - cornbynj@parliament.co.uk.

While the subject line remains 'People's Momentum', Datoo points out that allowing the rest of the fields to be edited without checks could make it very easy for phishers and online fraudsters to send emails pretending to be someone else.

The emails entered - of both parties - will also be saved to the website. The privacy policy of the website has been updated to reflect this.

A spokesperson for the 'People's Momentum' told Buzzfeed they would "look into" the page with their tech engineers.

Online Editors

Editors Choice

Also in Entertainment