Lime Pictures takes identity fraud and data protection "very, very, very seriously"
There's obviously a "very" or ten missing from that sentence. In any case, Lime Pictures is _going_ to take things seriously when they find out that applicants are getting rarer than hen's teeth.
I can accept that web applications and security are two things that are difficult to put together, but here we have a case where simply changing an ID included in the URL gives full details of another person.
That, to me, fingers conceptual sloppiness as the culprit, and there's no excuse for it. It should have been caught from the start by any developer worth his salt.
Or has the new generation forgotten that a URL is by definition insecure ? That the first thing a hacker (even a whitehat one) will try is to change the URL parameters and see what happens ?
Well this is what happens, you display confidential data all over the Internet. Then Google caches it. Then it is visible even when you've taken it offline (which is the primary function of GoogleCache, and has already been a total nuisance for a lot of companies with something they regretted having posted after).
Welcome to the Internet, Lime Pictures. It's time to wake up and smell the burnt toast.