202 Million Chinese Job Seekers' Private Resumes Exposed on the Internet


A cybersecurity expert has found a massive database holding the private data of more than 200 million Chinese job seekers, which was accessible on the Internet without authentication until last week.

The unprotected 854 GB of data was stored in a MongoDB database with no password/login authentication. MongoDB is a high-performance NoSQL database server; this instance was hosted by an American hosting provider.

The same IP also appeared in Shodan search results.


In total, the database contained 202,730,434 records about Chinese job seekers, covering their skills and work experience as well as personal information such as mobile phone number, email, weight, politics, height, marriage details, children, driver license, literacy level, salary expectations and more.


Bob Diachenko, Director of Cyber Risk Research at Hacken.io and bug bounty platform HackenProof, analyzed the data stream two weeks ago and identified an open and unprotected MongoDB instance exposing Chinese job seekers' private resumes.

“MongoDB log showed at least a dozen IPs who might have accessed the data before it was taken offline,” Diachenko said.
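The kind of log review the quote above refers to, as an added example that is not from the original article or from Diachenko's analysis: this Python script lists the distinct non-internal source IPs that connected to a mongod instance, with connection counts and first/last timestamps. The log lines are constructed and assume the legacy (pre-4.4) mongod text log format; `external_clients` and `INTERNAL_NETS` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample lines (assumption: legacy pre-4.4 mongod text log format).
SAMPLE_LOG = """\
2018-12-20T08:01:12.101+0000 I NETWORK  [listener] connection accepted from 127.0.0.1:50112 #1 (1 connection now open)
2018-12-21T03:14:45.220+0000 I NETWORK  [listener] connection accepted from 198.51.100.23:41822 #2 (2 connections now open)
2018-12-21T03:14:46.007+0000 I NETWORK  [conn2] end connection 198.51.100.23:41822 (1 connection now open)
2018-12-22T17:40:02.530+0000 I NETWORK  [listener] connection accepted from 203.0.113.77:60001 #3 (2 connections now open)
2018-12-23T09:05:31.912+0000 I NETWORK  [listener] connection accepted from 198.51.100.23:41990 #4 (3 connections now open)
2018-12-23T09:06:00.000+0000 I NETWORK  [listener] connection accepted from 10.0.0.5:33000 #5 (4 connections now open)
"""

# Sources treated as internal: loopback plus the RFC 1918 private ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ACCEPT = re.compile(
    r"^(\S+) I NETWORK\s+\[\w+\] connection accepted from (\S+):(\d+) #\d+")

def external_clients(log_text):
    """Return {ip: {"count", "first", "last"}} for non-internal source IPs."""
    seen = {}
    for line in log_text.splitlines():
        m = ACCEPT.match(line)
        if not m:
            continue  # not a connection-accepted line
        ts, host = m.group(1), m.group(2)
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # hostname or unexpected format; skip rather than guess
        if any(ip in net for net in INTERNAL_NETS):
            continue
        entry = seen.setdefault(host, {"count": 0, "first": ts, "last": ts})
        entry["count"] += 1
        entry["last"] = ts  # log is chronological, so the latest line wins
    return seen

if __name__ == "__main__":
    for ip, info in external_clients(SAMPLE_LOG).items():
        print(ip, info["count"], info["first"], info["last"])
```

On an instance with no authentication, every external address in this output had full read access for the period between its first and last timestamp.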

The source of the data is unknown. Diachenko thinks someone used an old resume-scraping tool. The tool, named “data-import”, seems to have been created to scrape data from different Chinese classifieds, such as bj.58.com, and the format of the job seekers' data matches the way the scraping tool stores collected information.

The security team of BJ.58.com did not confirm that the data originated from their source:

“We have searched all over our database and investigated all the other storage, and it turned out that the sample data is not leaked from us.

It seems that the data is leaked from a third party who scrapes data from many CV websites.”