Wednesday, January 20, 2021
  • Chinese Startup’s Open Database Exposes 214 Million Social Media Accounts
  • Building a Security-First Culture
  • CursedGrabber strikes again: Sonatype spots new malware campaign against Software Supply Chains
  • Retail and Hospitality Outpaces Other Sectors in Fixing Software Security Vulnerabilities, According to Veracode
  • Axis Security Named 2021 TAG Cyber Distinguished Vendor

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Data Security Security Bloggers Network 

Home » Cybersecurity » Data Security » Unsecured databases found leaking half a billion resumes on the net

Unsecured databases found leaking half a billion resumes on the net

by Graham Cluley on April 4, 2019

Barely a day goes by anymore without another report of sensitive data being left accessible to anyone on Elasticsearch servers or MongoDB databases that have not been properly configured.

Today is no different.

As ZDNet reports, researchers have discovered several exposed servers that belong to Chinese recruitment firms.

Security experts Devin Stokes, Sanyam Jain and Bob Diachenko have played a key role in uncovering many of these exposed databases, which typically contain contact details of executives hunting for new jobs alongside their current salary, career and education history, salary as well as information about their skill set and the training that they have received.

Writing for ZDNet, Catalin Cimpanu calculates that the researchers’ various breach discoveries amount to a staggering 590,497 million resumes that have leaked from Chinese companies in just the last three months.

Some may think that to have half a billion resumes accessible via the public internet isn’t that much of a problem. After all, LinkedIn claims to have 590 million users itself, many of whom will have shared details of their work and education history.

The difference is, of course, that resumes shared with recruitment agencies and head hunters contain much more personal information than that which you’re likely to share with a site like LinkedIn. For instance, when you feel like you are only sharing your details with a human resources agency, you are much more likely to submit details such as your personal home address, your precise data of birth your salary requirements and so forth.

And all of this additional information could be potentially abused by fraudsters and online criminals.

What’s frustrating is that it is not rocket science to harden the security of an Elasticsearch server or MongDB database to prevent unauthorized access.

For instance, there are security measures built (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/unsecured-databases-leaking-resumes/

April 4, 2019April 4, 2019 Graham Cluley china, Data leak, database, elasticsearch, Featured Articles, IT Security and Data Protection, MongoDB
  • ← Hack the Box (HTB) Machines Walkthrough Series — Grandpa
  • CEO’s – Do You Know Where That Infosec Report Came From? →

TechStrong TV – Live

Watch latest episodes and shows
Featured Blog

Eric Kedrosky

The Future of Multi-Cloud Security: A Look Ahead at Intelligent Cloud Security Posture Management Solutions

Pam Sornson, JD – Contributed Writer

IAM Best Practices For DevOps

Eric Kedrosky

Identity Risk: Identifying a Misconfigured IAM Trust Policy

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Hackers Calling Fair Game on Healthcare Institutions
Managing Identities and Entitlements to Secure the Public Cloud 
Capitol Rioters ID’ed With Help From Dating Apps
Is MDR Cybersecurity Training an Oxymoron?
Bringing Source Code Security Up to Speed
Unemployment Benefits Claims Fraud: New Threats for 2021
Malware protection is easy – Malinformation protection is hard
Pcaps and the Tools That Love Them Part 1 of ???
DEF CON 28 Safe Mode IoT Village – Dr. Amit Bar On’s And Anahit Tarkhanyan’s ‘Future Of IoT Sec Baselines’
The Doritos Conspiracy

Upcoming Webinars

Wed 20

Vulnerability Discovery in the Cloud

January 20 @ 3:00 pm - 4:00 pm
Thu 21

Next Generation Vulnerability Assessment Using Datadog and Snyk

January 21 @ 1:00 pm - 2:00 pm
Mon 25

Security Challenges and Opportunities of Remote Work

January 25 @ 1:00 pm - 2:00 pm
Tue 26

Preventing Code Tampering & Verifying Integrity Across Your SDLC

January 26 @ 1:00 pm - 2:00 pm
Thu 28

Protecting Cloud-Native Apps and APIs in Kubernetes Environments

January 28 @ 1:00 pm - 2:00 pm
Feb 03

Too Close to the Sun(burst): A Supply Chain Compromise

February 3 @ 11:00 am - 12:00 pm
Feb 04

Lessons from the FinTech Trenches: Securing APIs at Finastra

February 4 @ 3:00 pm - 4:00 pm
Feb 10

Finding Vulnerabilities in Your Cloud Native Applications Before They Find You!

February 10 @ 11:00 am - 12:00 pm
Feb 11

How to Merge AppSec and DevOps Effectively for the Good of Software

February 11 @ 3:00 pm - 4:00 pm
Feb 17

Finding and Preventing Secrets in Code

February 17 @ 3:00 pm - 4:00 pm

More Webinars

Download Free eBook

Managing the AppSec Toolstack

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

How Utilities Can Mitigate Cyberthreats
Cybersecurity Industry Spotlight Security Boulevard (Original) 

How Utilities Can Mitigate Cyberthreats

January 20, 2021 David Goddard | 13 hours ago 0
Bringing Source Code Security Up to Speed
Application Security Cybersecurity Identity & Access Industry Spotlight Security Boulevard (Original) 

Bringing Source Code Security Up to Speed

January 19, 2021 Dor Atias | Yesterday 0
Hackers Calling Fair Game on Healthcare Institutions
CISO Suite Cybersecurity Data Security Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) Threat Intelligence 

Hackers Calling Fair Game on Healthcare Institutions

January 18, 2021 Caleb Barlow | 2 days ago 0

Top Stories

Capitol Rioters ID’ed With Help From Dating Apps
Cyberlaw Cybersecurity Featured Incident Response Mobile Security News Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence 

Capitol Rioters ID’ed With Help From Dating Apps

January 18, 2021 Richi Jennings | 2 days ago 0
Revealed: Sophisticated ‘Watering Hole’ Attack – But By Whom?
Analytics & Intelligence Cybersecurity Featured Incident Response Malware Mobile Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Revealed: Sophisticated ‘Watering Hole’ Attack – But By Whom?

January 15, 2021 Richi Jennings | Jan 15 0
Hackers Didn’t Only Use SolarWinds to Break In, Says CISA
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Featured Incident Response Malware Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Hackers Didn’t Only Use SolarWinds to Break In, Says CISA

January 11, 2021 Richi Jennings | Jan 11 0

Security Humor

via     the comic delivery system monikered   Randall Munroe   resident at   XKCD  !

XKCD ‘Pulsar Analogy’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.