An unprotected MongoDB server exposed a database that contains resumes of 202 million Chinese people online, according to a researcher.
Bob Diachenko, Director of Cyber Risk Research at HackenProof, discovered that the unsecured server was left visible online without a password, thus exposing the resumes that contained personal details such as mobile phone number, email, marital status, driver license, literacy level, salary expectations, skills, and work experience. The leaky server was secured soon after Diachenko publicized the issue via a Twitter post.
“An 854 GB sized MongoDB database was left unattended, with no password/login authentication needed to view and access the details of what appeared to be more than 200 million very detailed resumes of Chinese job seekers,” Bob Diachenko said in a post.
It’s believed that the data had been taken from different Chinese classifieds like bj.58.com, according to Diachenko. However, the security officials at bj.58.com didn’t confirm that the data leaked from their source.
“We have searched all over the database of us and investigated all the other storage, turned out that the sample data is not leaked from us. It seems that the data is leaked from a third party who scrape data from many CV websites,” bj.58.com clarified.
In his similar findings, Bob Diachenko discovered that an unprotected Elasticsearch database exposed personal details of 57 million U.S. citizens for almost two weeks. Diachenko stated that the unsecured server was left visible online without a password exposing customers’ personal data. ElasticSearch, an enterprise search engine, provides technology solutions for powering search functions.
The researcher also stated he found another index of the same database that contained 25 million additional data records holding sensitive information, including names, company details, zip address, carrier route, latitude/longitude, census tract, phone number, web address, email, employees count, revenue numbers, NAICS codes, and SIC codes.