A website used by police forces to track stolen goods has had to be fixed as it was a potential burglars' paradise.
The Immobilise site allows members of the public to add records to the National Property Register, detailing the valuables in their homes. But web security consultant Paul Moore discovered a flaw that made it possible for users of the site to access other people's records, reports the BBC.
Recipero, the company that runs the Immobilise site, admits it has been forced to fix the vulnerability. The Association of Chief Police Officers (Acpo), which is responsible for ensuring websites recommended by police are fit for purpose, told the BBC it would be "discussing the matter with Recipero". Auditors have told Acpo that the site is now safe to use.
Moore discovered that by altering ID numbers in the site's URL space different house records would be automatically downloaded without any additional security measures. Records kept on Immobilise include a person's name and address and a list of valuables and an estimate of how much each item is worth.
Around four million households use the website, and police forces across the UK use the site to help return stolen goods to their owners. But allowing third parties to view other people's valuables could have proved a useful research tool for burglars when planning their future raids.
Recipero told the BBC: "The vulnerability targeted a feature intended for use by registrants when inviting their insurers to view details of an item. This vulnerability has been removed and a thorough review of records revealed no evidence of irregular usage."
Sign up for CIO Asia eNewsletters.