Flaw discovered when sharing BBC news stories

Ok the other day I unintentionally stumbled upon a possible flaw with the news stories email sharing feature on the BBC News website (www.bbc.co.uk).

Basically, it appears that anyone can share news stories on the BBC News website to any known email address and to set the sender name and email address to anything, including bogus domains! – In theory, this means that someone could make someone else believe that someone else has emailed them a news stories when they haven’t. – I tried this with a friend and proved myself correct!

To do this:


  • Click on the envelope icon top right

  • Enter in the recipients email address (the person you wish to be emailed the news story)


  • Under Your Details, enter in the name of the person you want the recipient to think emailed the news story to them as well as their email address (this can be made up). Enter the security code and click on Send


  • The news story will then be emailed to the recipient and will be addressed by the name and email address entered into the Your Details boxes.

I’m genuinely surprised the BBC have allowed this. In fact, looking at the privacy settings and FAQs it looks like they have washed their hands of it!:






About Alex Pegg

Hi my name is Alex Pegg MCP MCDST MCTS and I am The IT Guy. I am an Application Support Analyst from Leicester, UK and have worked in IT support services for 15 years. Alex Pegg MCP MCDST MCTS
This entry was posted in Tips. Bookmark the permalink.

One Response to Flaw discovered when sharing BBC news stories

  1. joe blogs says:

    You need to get out more.

Post a comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s