https://techcrunch.com/2019/01/11/202-million-job-seekers-personal-data-exposed/
By Jon Russell
TechCrunch.com
1/11/2019

The personal details belonging to more than 202 million job seekers in China,
including information like phone numbers, email addresses, driver licenses and
salary expectations, were freely available to anyone who knew where to look for
as long as three years due to an insecure database.

That's according to findings published by security researcher Bob Diachenko, who
located an open and unprotected MongoDB instance in late December which
contained 202,730,434 "very detailed" records. The database was indexed in data
search engines Binary Edge and Shodan, and was freely visible without a
password or login. It was only made private after Diachenko released
information about its existence on Twitter.

Diachenko, who is director of cyber risk research at Hacken, wasn't able to
match the database with a specific service, but he did locate a three-year-old
GitHub repository for an app that included "identical structural patterns as
those used in the exposed resumes." Again, ownership is not clear at this point
although the records do seem to contain data that was scraped from Chinese
classifieds, including the Craigslist-like 58.com.

A 58.com spokesperson denied that the records were its creation. They instead
claimed that their service had been the victim of scraping from a third party.
[...]