Over 202 Million Chinese Job Seekers' Details Exposed On the Internet

 

Cybersecurity researcher has discovered online a massive database containing records of more than 202 million Chinese citizens that remained accessible to anyone on the Internet without authentication until last week.

The unprotected 854.8 gigabytes of the database was stored in an instance of MongoDB, a NoSQL high performance and cross-platform document-oriented database, hosted by an American server hosting company.

In total, the database contained 202,730,434 records about job candidates from China, including candidates' personal information such as their full name, date of birth, phone number, email address, marriage status, and driver’s license information, along with their professional experience and job expectations.

Bob Diachenko, director of cyber risk research at Hacken.io and bug bounty platform HackenProof, discovered the existence of database two weeks ago, which had been secured shortly after his notification on Twitter.

However, it is worth noting that "MongoDB log showed at least a dozen IPs who might have accessed the data before it was taken offline," Diachenko said.

Though the source of the data is still unknown, Diachenko believes someone might have used an old resume scraping tool called "data-import" to collect all these job seekers' resumes from different Chinese classified websites, like bj.58.com.

Diachenko believes so because the format of the leaked database exactly matches the way scraping tool stores collected information.

Diachenko also communicated with the BJ.58.com team, who then told him that the leaked data did not originate from its website, but suggested that it could have been leaked from a third party that collects data from many CV websites."We have searched all over the database of us and investigated all the other storage, turned out that the sample data is not leaked from us," BJ.58.com told Diachenko.This isn't the first time when MongoDB instances are found exposed to the Internet. In recent years, we have published several similar reports where unprotected MongoDB servers exposed billions of records.

CEEH - (Certified Expert Ethical Hacker) Certification. This Is Advance Ethical Hacking Course You Will Learn In This Course

Chapter 1- Introduction Of Ethical Hacking

Chapter 2- Cyber Crime

Chapter 3- Foot-Printing

Chapter 4- Foot-Printing Pen-Testing

Chapter 5- Scanning

Chapter 6- Proxy Server

Chapter 7- Enumeration

Chapter 8- Banner Garbing

Chapter 9- Password Hacking

Chapter 10- Windows Hacking And Securing

Chapter 11- System Hacking

Chapter 12- Virus And Worm

Chapter 13- Physical Security

Chapter 14 - Ransomware

Chapter 15 -Sniffing

Chapter 16 -Social Engineering

Chapter 17 -Session Hijacking

Chapter 18 -Dos Attack

Chapter 19 -Stenography

Chapter 20 -Cryptography

Chapter 21 -Sql Injection

Chapter 22 -Web Server & Application Hacking

Chapter 23 -Buffer Overflow

Chapter 24 -Wireless Network Hacking

Chapter 26 -Sim Card Cloning

Chapter 27 -Android Hacking

Chapter 28 -Honey Port

Chapter 29 - Batch File Programing

And So On ...

Challenge EC-Council Course CEHv10 0r Update Version

.

Contact us:

Red Securium Pvt Limited Company

Red securium company provide best ethical hacking  and cyber security training in noida.

Address: Block A, A-25, Second Floor, Sector 3, Noida, Uttar Pradesh 201301

Telephone number: +91-120 429 1672

Website : redsecurium.org

Email: info@redsecurium.org

Mobile number: +91-7455923827

Blog: https://redsecurium.com/blog

Google+ Profile: Red Securium

Facebook profile: Red Securium

Twitter Profile: Red Securium

Instagram Profile: Red Securium