Buzzfeed used Jeremy Corbyn’s new website to send a resignation letter from Jeremy Corbyn
Published 09/10/2015 | 13:23
Buzzfeed News discovered a pretty big security flaw in Labour leader Jeremy Corbyn’s new website for the 'People's Movement' grassroots campaign.
The website allows you to send an email to anyone and asks you to enter your email as the address it will show as 'sent from'.
However, a lack of verification checks mean that users can enter in anyone's address - and politicians emails are public information.
Buzzfeed reported Siraj Datoo edited the provided email text to read: "Dear Siraj, I just wanted to let you know that after a successful launch of Momentum, I have decided to step down as leader. Yours, Jeremy".
He then sent the email to himself to test his theory, entering the 'sent from' address as Corbyn's official email - firstname.lastname@example.org.
While the subject line remains 'People's Momentum', Datoo points out that allowing the rest of the fields to be edited without checks could make it very easy for phishers and online fraudsters to send emails pretending to be someone else.
A spokesperson for the 'People's Momentum' told Buzzfeed they would "look into" the page with their tech engineers.