Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Unprotected Elasticsearch DB exposed 33 Million job profiles in China

Security expert discovered an unprotected Elasticsearch database exposed online that was containing approximately 33 million job profiles in China.  Security expert Sanyam Jain at GDI Foundation has discovered an unprotected database exposed online that was containing approximately 33 million profiles for people in China who provided their resume to job recruitment sites.  The expert discovered […]

Elasticsearch

Security expert discovered an unprotected Elasticsearch database exposed online that was containing approximately 33 million job profiles in China. 

Security expert Sanyam Jain at GDI Foundation has discovered an unprotected database exposed online that was containing approximately 33 million profiles for people in China who provided their resume to job recruitment sites. 

The expert discovered the Elasticsearch database using the Shodan search engine, the 57GB archive included a username, gender, age, current city, home address, email address, phone number, marriage status, job history, education history, and salary history.

Jain discovering the ElasticSearch database on March 10th, 2019, but he was able to discover who was the owner of the archive.

The analysis of the archive allowed the expert to discover references to multiple Chinese job recruitment sites such as 51Jobs, lagou, and Zhilian.

“During the initial investigation what I have found is that the customer profiles for the companies 51Jobs, lagou, and Zhilian recruitment are being stored in the database. I believe that a third-party is aggregating the information from these companies and using them in some way.” Jain told to BleepingComputer.

The availability of this data potentially exposed people to several malicious activities such as scams and identity theft. The knowledge of the salary for so many people could be used by businesses to hire employees from their original companies.

Jain reported his findings to CNCERT, the China Cyber emergency response team, on March 11, 2019. The CNCERT told the expert it had identified the owner of the IP address as “北京机到网络科技有限公司” and that he contacted him to take the database offline.

The Elasticsearch database was shutdown on March 13, 2019.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – China data leak)

[adrotate banner=”5″]

[adrotate banner=”13″]