For at least a week in December, an open MongoDB server exposed more than 200 million records containing resumes of Chinese job seekers.
On December 28, Bob Diachenko, director of cyber risk research at HackenProof, discovered an 854GB MongoDB database that didn’t require password/login authentication to access. It contained information on “candidates’ skills and work experience but also on their personal info, such as mobile phone number, email, marriage, children, politics, height, weight, driver license, literacy level, salary expectations,” Diachenko wrote in a blog post.
“In the case of this data breach, or data exposure, the unprotected data was open and available for about a week, according to the report,” said Jonathan Deveaux, head of enterprise data protection for Comforte. “Forensics from past data breaches have revealed that outside access to data was typically available for months, and sometimes years. Therefore, one might say that the owners of this database were ‘lucky’ that the data was only exposed for a week.”