One of Britain's top intelligence agencies has admitted it sends passwords to prospective job candidates in clear text.
Blogger Dan Farrall revealed the gaffe after he applied to work at the Government Communications Headquarters (GCHQ) spy agency.
Farrall said he reported the finding to GCHQ and published it after not hearing back for two months.
“Not really sure how we can trust somebody like that to protect us, when they are still doing stupid things like this,” Farrall said.
“For those that don't think this matters, bear in mind the type of information you're submitting to these online applications: names, dates, family members' information, passport numbers, housing information. With this type of information, identity theft is a major concern.”
The agency told The Register the legacy system would be updated and that a very small percentage of applicants were sent passwords during reset processes.
Varonis technical director Rob Sobers said the gaffe illustrates a need to correct simple security frameworks.
“This case in particular highlights the need to do a thorough check of your third party providers and their business practices, especially in the area of security. We have to focus on the basic 'blocking and tackling' if we stand a chance at becoming a culture of data security and privacy.”