200 million Chinese resumes leak in huge database breach

Last night, HackenProof published a report stating that a database containing the CVs of over 200 million job seekers in China had been exposed last month. The exposed information included not only each individual's name and work experience, but also their mobile phone number, e-mail address, marital status, children, political affiliation, height, weight, driver's license and literacy level.

Bob Diachenko, director of cyber risk research at Hacken.io and the HackenProof bug bounty platform, found an unprotected MongoDB instance containing these resumes on December 28th.

Diachenko found the resumes through the open-database search engines Shodan and BinaryEdge. The 854 GB database had no password protection and was open for anyone to read.

[Image: screenshot of the GitHub repository]

Diachenko was not able to identify who generated the database or who owns it, but a GitHub repository contained code that used a data structure identical to that of the exposed database. The database contained data extracted from several Chinese classifieds websites such as bj.58.com. However, in a blog post, a spokesman for the website denied the leak:

"We searched our database and looked at all other storage systems. It appeared that the sample data was not disclosed to us.

It appears that the data has been disclosed by a third party who retrieves data from numerous resume websites."

Notably, the database was removed as soon as Diachenko published information about it on Twitter. Unfortunately, the MongoDB instance reported at least a dozen IP addresses that had read from it before it went offline.

In most cases, it is easy to contact the owner of a database and get the information secured. In this case, however, since the database has no clear owner, it is dangerous to assume that the exposed data is safe.

You can read the full report here.
