Barely a day goes by anymore without another report of sensitive data being left accessible to anyone on Elasticsearch servers or MongoDB databases that have not been properly configured.
Today is no different.
As ZDNet reports, researchers have discovered several exposed servers that belong to Chinese recruitment firms.
Security experts Devin Stokes, Sanyam Jain and Bob Diachenko have played a key role in uncovering many of these exposed databases, which typically contain contact details of executives hunting for new jobs alongside their current salary, career and education history, as well as information about their skill set and the training that they have received.
Writing for ZDNet, Catalin Cimpanu calculates that the researchers’ various breach discoveries amount to a staggering 590,497 million resumes that have leaked from Chinese companies in just the last three months.
Some may think that to have half a billion resumes accessible via the public internet isn’t that much of a problem. After all, LinkedIn claims to have 590 million users itself, many of whom will have shared details of their work and education history.
The difference is, of course, that resumes shared with recruitment agencies and head hunters contain much more personal information than that which you’re likely to share with a site like LinkedIn. For instance, when you feel like you are only sharing your details with a human resources agency, you are much more likely to submit details such as your personal home address, your precise date of birth, your salary requirements and so forth.
And all of this additional information could be potentially abused by fraudsters and online criminals.
What’s frustrating is that it is not rocket science to harden the security of an Elasticsearch server or MongoDB database to prevent unauthorized access.
For instance, there are security measures built (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/unsecured-databases-leaking-resumes/