Hey,
Last week I went for a job interview with this company who were looking for a Web Admin for their website. They have around 100 stores in the UK (I think) so are quite big.
I find out tomorrow if I have got the job or not but all seemed very positive at the interview. (So fingers crossed)
The woman who currently does the job has gone for an internal promotion and got it. She had no experience in running a website prior, so learnt on the Job.
Now, Last night I was doing a bit of research into the website, just seeing what I would change/Improve looking at spaces in advertising they're missing. They currently spend £3,000 a month on the web site and I think a lot of it is being wasted, so i wanted to see what free solutions to bring in more traffic there were and better ways to spend that money in things like SEO. After a bit I thought I'd just check how secure the website was. Obviously thinking that it would be pretty well secured.
Well after 5mins I was in. Had customer records, orders, transaction details up. I was shocked!
First thing I wanted to do was warn them! But then I thought maybe its not such a good idea. I might be jeopardizing my chances of getting the position. They may think I am some kind of hacker and hacking is illegal after all. Then again I thought maybe it might strengthen my case for the job.
I am not quite sure what to do. Obviously they deserve to know about this major security hole in their site but do I wait and find out if I have the job? and what if I don't get the job do I just not tell them?
Some advice would be great!