By Caroline Ryan
BBC News website health reporter
Medical students' references have been accessible for others to edit on the website they use to apply for work as doctors, the BBC has learned.
Students use the website to apply for hospital posts
The security breach meant it was possible to read through students' applications without them knowing.
These areas of the New Doctor website have now been made secure after the medical authorities were alerted.
The head of the medical training body said "improper or illegal" tampering would be dealt with.
Under the website system introduced last year, the 5-6,000 students who graduate from medical school annually apply via the site for an NHS two-year foundation training course in UK hospitals.
It was revealed this weekend that senior doctors are worried that a number of "high-flying" students failed to get posts in the first round of applications for jobs starting in August.
The site is run by a team linked to medical deaneries - which oversee doctors training in each region. This system is linked into the NHS foundation scheme.
'Open to abuse'
Robert Goss, a final year student at the Royal Free and University College London (RFUCL) Medical School, told the BBC News website he was "astonished" to be able to access a friend's reference and edit it on site.
He said: "The fact that the system is so poorly organised that our information is able to be seen and altered by anyone with access to the internet adds insult to injury."
In documents seen by the BBC News website, Mr Goss was able to open up the application form of another student, and access and edit a new version of the reference which he then saved permanently on the site to show how changes could be made.
It was also possible to see the list of students a particular referee had written references for, and how many students had applied for jobs from particular countries.
The student whose reference was changed, who did not want to be named, said she was horrified when she found out what was possible.
She added: "It is one problem the new system being a complete lottery, but the security of the website has been completely open to abuse.
"It makes me wonder what other information has been available on those admin pages over the previous few months.
"I no longer have any trust that any application information I have submitted is secure."
Professor Margaret Lloyd, vice-dean for curriculum at the RFUCL medical school, whose referee list was accessed, said she was "very concerned" by news of the confidentiality breaches.
Professor Graham Winyard, head of the Conference of Postgraduate Medical Deans (CoPMED) which oversees doctors' training, said the team which ran the site had been notified on Monday that it was possible to access the confidential references section of the site.
He added: "That part of the system was immediately closed, and an audit commissioned.
"The team would welcome details of any security breaches.
"We would like to thank those who brought this to our attention."
Professor Winyard said: "If there is evidence of illegal or improper activity by any individual, then the appropriate authorities will be notified."
He said the references would not be used by hospitals during the 'matching' process, where students are found posts suitable for them.
After that, references can be taken up by post and fax, as well as online.
But a spokesman for the British Medical Association said: "It's very worrying to hear that the website may not have been completely secure.
"There are hundreds of medical students still waiting to find out where their first job will be, and the knowledge that third parties could have accessed confidential information on their applications will cause them added anxiety.
"We hope these claims will be thoroughly investigated."