Skip to main content

200m jobseekers have details exposed in major data breach

(Image credit: Image Credit: Balefire / Shutterstock)

'Very detailed' data set on millions of Chinese jobseekers was left exposed for more than three years, and has been frequently accessed, security researchers have reported.

According to security researcher Bob Diachenko (opens in new tab), an unsecured, open MongoDB database was just sitting there, holding private and detailed data on 202,730,434 Chinese jobseekers.

He said the database could easily be found using Shodan, Binary Edge, or any other data search engine, whoever knew where to look. Only after he tweeted about the database had it been locked down.

At the moment, nobody still knows whose database this is, and how the data was obtained. Further investigation seems to point towards the direction of 58.com, something like Craigslists for the Chinese. However, 58.com says it's not behind the database, saying it may be a third-party who was scraping their data.

“We have searched all over the database of us and investigated all the other storage, turned out that the sample data is not leaked from us. It seems that the data is leaked from a third party who scrape[d] data from many CV websites,” a spokesperson told Diachenko.

The database was open for three years, and apparently it was frequently accessed. “It’s worth noting that MongoDB  log showed at least a dozen IPs who might have accessed the data before it was taken offline,” Diachenko wrote.

Image Credit: Balefire / Shutterstock

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.