Jeremy Corbyn's New Campaign Website Has A Huge Security Flaw

Although you can input a name and email address and change the message, the email subject always remains the same, "People's Momentum".

Most sites on the internet don't allow users to send emails with their own phrasing to avoid the risk of them being used to send fake or fraudulent messages. Other ways of achieving this would be too complicated for typical users – certainly harder than just typing details into an online form.

The Momentum site, however, would make it quite easy for online fraudsters – known as phishers – to send plausible-looking emails from banks or shopping sites in the hope that the recipient would follow a link within and hand over personal details.

Similarly, an email could appear apparently from a friend asking you if their Facebook profile has disappeared, with a genuine-looking link that again could steal your login details.

Those who input their own details into the website to share it with their friends are also inadvertently giving their email address to the campaign.

When the site was launched on Thursday morning, it did not include a privacy policy and there was nothing to tell users that their details would be stored.

After BuzzFeed News started working on this article – and after a spokesperson for the campaign was asked about the page – a privacy policy was uploaded to the "share" page. The policy notes that anyone who fills in a form on the website will have their information saved.

It is unclear whether the campaign also stores the details of those whose email address are entered into the website.

The spokesperson said they would "look into" the page with their tech engineers.