Security expert Bob Diachenko discovered an unprotected MongoDB archive that has exposed personal and professional details of more than 202 million people.
The huge trove of data belongs to job seekers in China. Its records include personal information such as names, height, weight, email IDs, marriage status, political leanings, skills and work experience, phone numbers, salary expectations, and driver licenses.
The MongoDB archive contains 854GB of data related to the last three years; it is the largest data leak incident ever to have occurred in China.
“On December 28th, Bob Diachenko, Director of Cyber Risk Research at Hacken.io and bug bounty platform HackenProof, analyzed the data stream of BinaryEdge search engine and identified an open and unprotected MongoDB instance,” reads the post published by Diachenko.
“Upon closer inspection, an 854 GB sized MongoDB database was left unattended, with no password/login authentication needed to view and access the details of what appeared to be more than 200 million very detailed resumes of Chinese job seekers.”
The expert discovered the origin of the data when one of his Twitter followers pointed to a GitHub repository.
The data were collected with a tool named “data-import” (created 3 years ago) that scraped resumes from different Chinese classifieds sites, like bj.58.com.
58.com’s representative explained that the records were not leaked by their platform and confirmed that a third party had created it.
At this time it is not clear how long the data remained exposed online. Diachenko confirmed that the MongoDB log showed that the archive had been regularly accessed by someone; it included a dozen IPs.
The good news is that the database was secured just after the news of its discovery was published online.
“As of the date of this publication, there is no official confirmation on the data owner. We have already covered the issue of web scraping here: https://blog.hackenproof.com/industry-news/new-report-unknown-data-scraper-breach ” concludes
In September 2018, another huge archive containing data of 130 million hotel chain guests was offered for sale on the dark web for Bitcoin worth around $56,000 at that time.
(SecurityAffairs – MongoDB archive, data leak)