Personal data on 202 million Chinese job-seekers left exposed on insecure database

Resume information about more than 200 million Chinese job-seekers was exposed on an insecure database accessed in December by a researcher from Hacken, a cybersecurity company. Bob Diachenko, director of cyber risk research at Hacken.io and the bug bounty platform HackenProof, announced Thursday that he found an 854-gigabyte MongoDB database containing 202,730,434 records about job candidates from China. The files contained candidates’ skills and work experience, as well as their mobile phone number, email address, marriage status, political leanings, height, weight, driver’s license information and salary expectations, among other personal data. Not every field was filled in for each individual, Diachenko said. The database did not require visitors to enter a username or password to access the information, Diachenko wrote. While the owner of the database remains unclear, Diachenko explained that the information appears to have originated from a tool used to scrape data from the websites of Chinese classifieds. […]

The post Personal data on 202 million Chinese job-seekers left exposed on insecure database appeared first on CyberScoop.

Data about 57 million people exposed by Elasticsearch servers

A data breach involving Elasticsearch search-engine technology exposed the personal information of nearly 57 million people for at least two weeks, according to a report released Wednesday by the cybersecurity organization Hacken. The breach exposed 73 gigabytes of data as early as Nov. 14, Hacken said, including the names, employers, job titles, emails, addresses, phone numbers and IP addresses of 56,934,021 U.S. residents. There was a separate cache of data titled “Yellow Pages,” the report said, with 25 million records about businesses, including information such as names, company details, zip addresses, latitude/longitude, census tract, phone numbers, web addresses, emails, revenue numbers and more. Hacken said it was unclear where the leak originated, but the formatting of the data appeared to have similarities to fields used by Canadian data management company Data & Leads. The database is no longer exposing information to the public, Hacken said. Elasticsearch is an open-source tool intended to allow users to search data stored in private networks. The […]

The post Data about 57 million people exposed by Elasticsearch servers appeared first on CyberScoop.

Researcher finds trove of political fundraising, old voter data on open internet

A consulting firm that works with Democratic campaigns unknowingly left sensitive fundraiser information and credentials to old voter record databases open on the internet, according to a report published on Wednesday. Cybersecurity company Hacken says it discovered an unprotected Network Attached Storage (NAS) device managed by Rice Consulting, a Maryland firm that provides fundraising and mass communication to Democratic clients. Authentication was reportedly disabled on the NAS, and Hacken says that it was indexed by Shodan, an Internet-of-Things search engine. With its contents publicly accessible, the NAS revealed details about Rice Consulting’s clients as well as details about “thousands of fundraisers,” Hacken says. Those details include names, phone numbers, emails, addresses and companies. There were apparently also contracts, meeting notes, desktop backups and employee details. Rice Consulting did not respond to an email request for comment on the Hacken report. When CyberScoop called the firm, the person who answered said […]

The post Researcher finds trove of political fundraising, old voter data on open internet appeared first on CyberScoop.