Leave a comment

If you applied for a job at Chipotle, you could be wide open to a phishing attack

If you applied for a job at Chipotle, you could be wide open to a phishing attack
PHOTO COURTESY OF SHUTTERSTOCK

Often, when you hear about big corporations being hacked it's because sophisticated cybercriminals exploited tiny holes in the company's computer systems. That is, despite companies like Target having tough security systems in place.

Yet, that's not always the case. In fact, a Mexican fast-food restaurant just left itself open to security hacks.

It involved the $4.1 billion Chipotle Mexican Grill's human resources department. They would respond to job applicants with email addresses that ended with ChipotleHR.com.

However, one job applicant, a cybersecurity expert, responded to one of those addresses. He received an automatic message bounced saying his message was undeliverable.

When he checked into the ownership of the domain name, he found that ChipotleHR.com was not owned by Chipotle. So, this job applicant bought the domain name for $30.

He was able to read emails that had been sent to that address. In other words, he intercepted messages intended for Chipotle from people who thought they were corresponding with the company. It was legal since he owned the website address.

"The potential for someone to abuse this is huge," said the applicant, Michael Kohlman. Chipotle was alerted to the security hole.

The company said the hole didn't pose any security problems. However, it has since incorporated the address into its existing site, Careers.Chipotle.com.

Next Story
View Comments ()
LG just canceled that great-looking smartwatch it released 6 days ago
Previous Happening Now

LG just canceled that great-looking smartwatch it released 6 days ago

This little Wi-Fi stone secures your smart home
Next Happening Now

This little Wi-Fi stone secures your smart home