A 'very detailed' data set on millions of Chinese jobseekers was left exposed for more than three years and has been frequently accessed, security researchers have reported.
According to security researcher Bob Diachenko, an unsecured, open MongoDB database was just sitting there, holding private and detailed data on 202,730,434 Chinese jobseekers.
He said anyone who knew where to look could easily find the database using Shodan, Binary Edge, or any other data search engine. It was locked down only after he tweeted about it.
At the moment, nobody knows whose database this is or how the data was obtained. Further investigation seems to point towards 58.com, something like a Craigslist for China. However, 58.com says it's not behind the database, saying a third party that was scraping its data may be behind it.
“We have searched all over the database of us and investigated all the other storage, turned out that the sample data is not leaked from us. It seems that the data is leaked from a third party who scrape[d] data from many CV websites,” a spokesperson told Diachenko.
The database was open for three years, and apparently it was frequently accessed. “It’s worth noting that MongoDB log showed at least a dozen IPs who might have accessed the data before it was taken offline,” Diachenko wrote.