Unprotected Database Exposed 13.7M Users’ Employment Information

by David Bisson on May 2, 2019

An unprotected database made it possible for anyone on the web to view the personal and employment information of 13.7 million users.

Security researcher and GDI Foundation member Sanyam Jain discovered the database and determined that it belonged to Ladders, a New York-based job recruitment site which specializes in high-end jobs. Jain then shared his findings with TechCrunch.

In its analysis, TechCrunch found that the database consisted of 13.7 million data records. Each of those records included several pieces of personal information, including an individual’s name, email address, postal address, phone number and IP address. Every record also included the individual’s employment data, including their employer history, security clearances and, in some cases, detailed job descriptions of previous work going back several years.

A partial record (redacted) including a person’s name, address, phone number, job description and details of their security clearance (Source: TechCrunch)

The database, an Amazon-hosted Elasticsearch asset that lacked a password at the time of discovery, also exposed less sensitive details of 379,000 job recruiters.

Subsequently, TechCrunch took it upon itself to verify the information contained in the database. It did so by contacting more than a dozen users of the site. Several of those individuals confirmed that the information was correct, while one even said they had stopped using Ladders after learning of the data breach.

TechCrunch also reached out to Ladders about the security incident. In less than an hour, the recruitment site responded by pulling the database offline.

Marc Cenedella, chief executive of Ladders, explained in a statement provided to TechCrunch that the company is currently working to determine the impact of this breach:

AWS confirms that our AWS Managed Elastic Search is secure, and is only accessible by Ladders employees at indicated IP addresses. We will look into (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/unprotected-database-exposed-13-7m-users-employment-information/
