A new website has been set up by Jeremy Corbyn's leadership campaign as it transforms itself into a grassroots activist movement.
But BuzzFeed News has discovered that the site has a glaring security flaw – it allows visitors to send an email that appears to come from someone else. On the share page, you can input any name, any email address, and even change the message.
So, for instance, you could pretend to be the leader of the Labour party and send an email to someone telling them that you're resigning.
I put in my own details and got this email within a minute.
Although you can input a name and email address and change the message, the email subject always remains the same, "People's Momentum".
Most sites on the internet don't allow users to send emails with their own phrasing to avoid the risk of them being used to send fake or fraudulent messages. Other ways of achieving this would be too complicated for typical users – certainly harder than just typing details into an online form.
The Momentum site, however, would make it quite easy for online fraudsters – known as phishers – to send plausible-looking emails from banks or shopping sites in the hope that the recipient would follow a link within and hand over personal details.
Similarly, an email could appear apparently from a friend asking you if their Facebook profile has disappeared, with a genuine-looking link that again could steal your login details.
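A hardened handler for a share form like the one described above, as an added example that is not from the campaign's site or from BuzzFeed News; the function name, the `site.example` addresses and the template wording are assumptions. The server fixes the sender and the wording, and form input can only fill a tightly constrained name slot.

```python
import re
from email.message import EmailMessage
from email.utils import formataddr

# Assumed values: an address the site itself controls, and a fixed template.
SITE_FROM = ("Campaign site", "share@site.example")
SUBJECT = "People's Momentum"  # the fixed subject mentioned in the article
TEMPLATE = (
    "{name} used the share form on our site to send you this link:\n"
    "https://site.example/\n\n"
    "We have not verified who filled in the form.\n"
)
# Deliberately strict patterns: letters only in names, simple addr-spec.
NAME_RE = re.compile(r"[^\W\d_]+(?:[ '-][^\W\d_]+)*")
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def build_share_email(name, recipient, message=""):
    """Build the share email without letting form input pick sender or wording."""
    if message:
        # Free-text bodies are what make the form useful for phishing.
        raise ValueError("custom message text is not accepted")
    for value in (name, recipient):
        # CR/LF and other control characters could smuggle in extra headers.
        if any(ord(c) < 32 or ord(c) == 127 for c in value):
            raise ValueError("control characters in form input")
    name = name.strip()
    if not (0 < len(name) <= 40 and NAME_RE.fullmatch(name)):
        raise ValueError("invalid name")  # rejects URLs, colons, digits
    if not ADDR_RE.fullmatch(recipient):
        raise ValueError("invalid recipient address")

    msg = EmailMessage()
    msg["From"] = formataddr(SITE_FROM)  # never an address typed into the form
    msg["To"] = recipient
    msg["Subject"] = SUBJECT
    msg.set_content(TEMPLATE.format(name=name))
    return msg


if __name__ == "__main__":
    # Constructed sample input.
    print(build_share_email("Alice Example", "friend@example.org"))
```

A real deployment would also rate-limit submissions per client and per recipient, which this sketch leaves out.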
My colleague Tom Warren highlighted how easily it could be used to spam people for personal details.
Those who input their own details into the website to share it with their friends are also inadvertently giving their email address to the campaign.
It is unclear whether the campaign also stores the details of those whose email addresses are entered into the website.
The spokesperson said they would "look into" the page with their tech engineers.
BuzzFeed News has been assured that this flaw has been fixed.
Siraj Datoo is a political reporter for BuzzFeed News and is based in London.