Connect with us

Hacker News

MongoDB Database Exposed 200 Million Records and Resumes for Over 1 Week

Hacker News Malware

Emotet Malware Makes a Comeback with Fresh Attacks After Three Months of Silence

Hacker News Vulnerability

Lazarus Group Found Exploiting Zero-Day Vulnerabilities in Latest Cyber Attack

Hacker News

Chinese hackers develop new custom backdoor to evade detection

Hacker News

Hackers are exploiting vulnerabilities in containerized environments

Hacker News

Play Ransomware Group Brags About Disruptive Attack on City of Oakland

Hacker News

Chinese State-Sponsored Hacking Group APT31 Targets European Organizations

Hacker News Vulnerability

Researchers Uncover New Security Vulnerabilities in TPM 2.0 Library

Data Breaches Hacker News

Dark Web Marketplace Bidencash Leaks 2 Million Stolen Credit Cards for Free

Hacker News

White Hat Hacking Does Pay: Pwn2Own Shells Out 980,000 in Rewards

Hacker News

MongoDB Database Exposed 200 Million Records and Resumes for Over 1 Week

Published

5 years ago

on

MongoDB Database Exposed 200 Million Records and Resumes for Over 1 Week

An enormous MongoDB database which contains over 200 million job seeker records was accessible for over a week to anyone who came across it. The records in question are of job seekers in China and include resumes. The size of the cache was 854GB.

There were 202,730,434 records sitting on the database, which included the identifiable information that you’d expect to find on resumes such as full name, date of birth, phone number, email address, civil status, and professional experience and job expectations.

Cybersecurity professionals are now concerned that cybercriminals will be able to use this information to conduct targeted phishing scams. With such identifying information, the attackers could craft an email which could appear to have a high level of authority to the reader due to the personal nature.

The database was discovered on 28 December by Bob Diachenko, Director of Cyber Risk Research at Hacken and bug bounty platform HackenProof. Diachenko’s next task was to identify the owner of the database so that it could be secured and the potential damage is reduced. Diachenko has now stated that the database has been secured, and no further unauthorized users will be able to stumble across the database and help themselves to the data.

Diachenko stated that is this not an unusual or rare occurrence, and that he has seen this numerous times. Often companies can change settings on their database and not release it is now exposed to the world. The scale of the database is extremely large in this scenario, but still, far too many companies are not being vigilant enough about ensuring their databases are secure.

In order to identify the owner of the database, Diachenko used a tool he found on GitHub called data-import. He was able to identify patterns between the database and other data provided by the tool, leading him to the owner.

Diachenko has stated that data-import’s purpose was to scrape information from classified listings. He could not say if the app was official or illegal.

Related Topics:

Experienced British technology journalist and online reporter

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *