My in-laws have applied for US visitor visa and I am tracking their VISA appointment to see if we can prepone it so that they can come early to the US. I was at first impressed with the VFS (http://www.vfs-usa.co.in) website that caters to the US Visa requests from India for the controls that they had in place to ensure correctness and security. It would have never occurred to me to test those as I would have expected that any government website would tested and re-tested against vulnerabilities. When you think of how many people enter the US every year, how many leave to vacation at Mexico all-inclusive resorts or come to work here after working at Barbados all inclusive hotels, it is surprising.
I guess I was wrong. All I did was to enter my father-in-laws details on the website. While doing so I somehow entered the last three digits of his visa fees receipt number wrong and VIOLA!!! I was presented with records of three apparently related people who were totally unrelated to me or my father-in-law. I could have canceled their appointment or done all kind of mischief. Needless to say, I closed the web-page promptly after taking this screen-shot. It appears that at some point RAID data recovery will be necessary for those victimized by hackers.
Whether I should inform the US Visa department or not, I am not sure. But I thought I should publish this.