A cybersecurity researcher has found a massive database holding the private resume data of more than 200 million Chinese job seekers, exposed on the Internet without authentication until last week.
The unprotected 854 GB of data was stored in a MongoDB database with no password/login authentication. MongoDB is a high-performance NoSQL database server; this instance was hosted by an American hosting provider.
The same IP also appeared in Shodan search results.
In total, the database contained 202,730,434 records about Chinese job seekers' skills and work experience, as well as their personal information, such as mobile phone number, email, weight, politics, height, marriage details, children, driver license, literacy level, salary expectations and more.
202 Million Chinese Job Seekers' Private Resumes Exposed on the Internet
Bob Diachenko, Director of Cyber Risk Research at Hacken.io and bug bounty platform HackenProof, analyzed the data stream two weeks ago and identified an open and unprotected MongoDB instance exposing Chinese job seekers' private resumes.
The source of the data is unknown. Diachenko thinks someone used an old resume-scraping tool. The tool, named “data-import”, seems to have been created to scrape data from different Chinese classifieds sites, such as bj.58.com. The format of the job seekers' data matches the way the scraping tool stores collected information.
The security team of BJ.58.com did not confirm that the data originated from their source.
It seems that the data was leaked by a third party who scrapes data from many CV websites.