200 million Chinese resumes leak in huge database breach

Last night, HackenProof published a report stating that a database containing the resumes of over 200 million job seekers in China was left exposed last month. The leaked records held not just names and work histories but also mobile phone numbers, email addresses, marital status, number of children, political affiliation, height, weight, driver's licence details, and literacy level.

Bob Diachenko, Director of Cyber Risk Research at Hacken.io and bug bounty platform HackenProof, found an unprotected instance of MongoDB containing these resumes on December 28.

Diachenko found the database through the internet-wide scan search engines Shodan and BinaryEdge. The 854GB MongoDB instance had no password protection of any kind and could be read by anyone who connected to it.

Screenshot of the GitHub repository

Diachenko wasn't able to identify who generated the database or who owned it, but a now-defunct GitHub repository contained code that used a data structure identical to that of the leaked database. The database held data scraped from several Chinese classified-ad websites such as bj.58.com. In a blog post, however, the website's spokesperson denied that the data came from them:

We have searched all over our database and investigated all the other storage, and it turned out that the sample data was not leaked from us.
It seems that the data was leaked from a third party who scrapes data from many CV websites.

Interestingly, the database was taken down as soon as Diachenko posted about it on Twitter. By then, however, the MongoDB log already showed at least a dozen IP addresses that had read the instance before it went offline.
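The "who read this before it went dark" question raised above is answered from exactly the log the article mentions. As an added illustration (not code from HackenProof, Diachenko or The Next Web), the Python script below pulls the remote client addresses out of mongod connection logs and counts connections per IP, skipping loopback clients. It handles both real mongod server-log formats, the legacy plain-text format (MongoDB 4.2 and earlier) and the JSON-lines format (4.4 and later). The log lines embedded in it are constructed sample data; a real server writes one format or the other, and both appear in one sample only so that each parser path is exercised.

```python
"""Added illustration: extract remote client addresses from mongod logs.

Not code from HackenProof or The Next Web; SAMPLE_LOG is constructed data.

Handles the two real mongod server-log formats:
  * legacy plain text (MongoDB 4.2 and earlier), e.g.
    2019-01-03T10:22:11.987+0000 I NETWORK  [listener] connection accepted from 203.0.113.5:51234 #12 (2 connections now open)
  * JSON lines (MongoDB 4.4 and later), e.g.
    {"t":{...},"s":"I","c":"NETWORK","ctx":"listener","msg":"Connection accepted","attr":{"remote":"192.0.2.77:60001",...}}
"""
import json
import re
from collections import Counter

# Legacy "connection accepted" entry: timestamp, severity I, component NETWORK,
# context in brackets, then "connection accepted from <host:port> #<connId> ...".
LEGACY_ACCEPT = re.compile(
    r"^\S+\s+I\s+NETWORK\s+\[\w+\]\s+connection accepted from "
    r"(?P<remote>\S+)\s+#(?P<conn>\d+)"
)


def split_hostport(remote):
    """Split 'host:port' into (host, port); brackets around IPv6 hosts are removed."""
    host, sep, port = remote.rpartition(":")
    if not sep or not port.isdigit():
        return remote.strip("[]"), None
    return host.strip("[]"), int(port)


def parse_connection(line):
    """Return (ip, port, connection_id) for a connection-accepted entry, else None.

    Other entries (client metadata, end connection, command logging) are ignored.
    """
    line = line.strip()
    if not line:
        return None
    if line.startswith("{"):                       # JSON-lines format (4.4+)
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            return None
        if rec.get("c") != "NETWORK" or rec.get("msg") != "Connection accepted":
            return None
        attr = rec.get("attr", {})
        if not attr.get("remote"):
            return None
        ip, port = split_hostport(attr["remote"])
        return ip, port, attr.get("connectionId")
    m = LEGACY_ACCEPT.match(line)                  # legacy text format (<= 4.2)
    if not m:
        return None
    ip, port = split_hostport(m.group("remote"))
    return ip, port, int(m.group("conn"))


def remote_clients(lines, ignore=("127.0.0.1", "::1")):
    """Count accepted connections per remote IP, skipping loopback clients.

    On a server that was meant to be internal, any entry here is the signal
    the article describes: a host other than the application connected
    before the instance was taken down.
    """
    counts = Counter()
    for line in lines:
        hit = parse_connection(line)
        if hit is None:
            continue
        ip, _port, _conn = hit
        if ip not in ignore:
            counts[ip] += 1
    return counts


# Constructed sample (RFC 5737 documentation addresses). Both log formats are
# mixed here only so that each parser path runs; a real mongod writes one.
SAMPLE_LOG = """\
2019-01-03T10:22:11.123+0000 I NETWORK  [listener] connection accepted from 127.0.0.1:40312 #11 (1 connection now open)
2019-01-03T10:22:11.987+0000 I NETWORK  [listener] connection accepted from 203.0.113.5:51234 #12 (2 connections now open)
2019-01-03T10:22:12.004+0000 I NETWORK  [conn12] received client metadata from 203.0.113.5:51234 conn12: { driver: { name: "PyMongo", version: "3.7.2" }, os: { type: "Linux" } }
2019-01-03T10:22:15.540+0000 I NETWORK  [listener] connection accepted from 198.51.100.23:4455 #13 (3 connections now open)
2019-01-03T10:23:01.000+0000 I NETWORK  [conn12] end connection 203.0.113.5:51234 (2 connections now open)
2019-01-03T10:23:40.221+0000 I NETWORK  [listener] connection accepted from 203.0.113.5:51300 #14 (3 connections now open)
{"t":{"$date":"2019-01-03T10:24:00.000+00:00"},"s":"I","c":"NETWORK","id":22943,"ctx":"listener","msg":"Connection accepted","attr":{"remote":"192.0.2.77:60001","connectionId":15,"connectionCount":4}}
{"t":{"$date":"2019-01-03T10:24:00.500+00:00"},"s":"I","c":"NETWORK","id":51800,"ctx":"conn15","msg":"client metadata","attr":{"remote":"192.0.2.77:60001","client":"conn15","doc":{"driver":{"name":"mongo-go-driver","version":"1.4.0"}}}}
"""


def main():
    counts = remote_clients(SAMPLE_LOG.splitlines())
    for ip, n in counts.most_common():
        print(f"{ip:<16} {n} connection(s)")


if __name__ == "__main__":
    main()
```

Run it as `python3 mongo_clients.py` against a saved `mongod.log` by swapping `SAMPLE_LOG.splitlines()` for the file's lines. One caveat for anyone doing this triage for real: the default server log records who connected and, in the metadata entries, which driver they used, but not which collections they read; that needs the profiler or the audit log, neither of which an unconfigured instance will have enabled, so "at least a dozen IP addresses read it" is the most such a log can tell you.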

In most cases it is easy to contact the owner of an exposed database and have the data secured. Here, with no clear owner, it would be dangerous to assume that the leaked data is safe.

You can read the full report here.

Source: The Next Web


Disclaimer: The content of this article comes from The Next Web; the original source and link have been credited. The views expressed are the author's own. If this article infringes your rights or contains false rumours, please report it to us.