Security Affairs
Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Unsecured MongoDB archive exposed 202 Million private resumes

Security expert discovered an unprotected MongoDB archive that has exposed personal and professional details of more than 202 million people. Security expert Bob Diachenko discovered an unprotected MongoDB archive that has exposed personal and professional details of more than 202 million people. The huge trove of data belongs to job seekers in China, its records include personal […]

Security expert discovered an unprotected MongoDB archive that has exposed personal and professional details of more than 202 million people.

Security expert Bob Diachenko discovered an unprotected MongoDB archive that has exposed personal and professional details of more than 202 million people.

The huge trove of data belongs to job seekers in China, its records include personal information of individuals like names, height, weight, email IDs, marriage status, political leanings, skills and work experience, phone numbers, salary expectations, and driver licenses were exposed.

The MongoDB archive contains 854GB of data related to the last three years, it is the largest data leak incident of ever occurred in China.

MongoDB archive

“On December 28th, Bob Diachenko, Director of Cyber Risk Research at Hacken.io and bug bounty platform HackenProof, analyzed the data stream of BinaryEdge search engine and identified an open and unprotected MongoDB instance” reads the post published by Diachenko.

“Upon closer inspection, an 854 GB sized MongoDB database was left unattended, with no password/login authentication needed to view and access the details of what appeared to be more than 200 million very detailed resumes of Chinese job seekers.”

The expert discovered the origin of the data when one of its Twitter followers pointed to a GitHub repository

Data were collected by using a tool named “data-import” (created 3 years ago) that was scraping resumes from different Chinese classifieds, like bj.58.com.

58.com’s representative explained that the records were by their platform and confirmed that a third-party has created it.

At the time it is not clear how long such kind of data remained exposed online, Diachenko confirmed that the MongoDB log showed that the archive has been regularly accessed by someone, it included a dozen IPs.

The good news is that the database was secured just after the news of its discovery was published online.

“As of the date of this publication, there is no official confirmation on the data owner. We have already covered the issue of web scraping here: https://blog.hackenproof.com/industry-news/new-report-unknown-data-scraper-breach ” concludes Diachenko .

In September 2018, another huge archive containing data of 130 Million hotel chain guests was offered for sale on the dark web for around $56,000 at that time worth of Bitcoin.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – MongoDB archive, data leak)

[adrotate banner=”5″]

[adrotate banner="13"]