An unsecured database, whose owner is unknown, has been open for more than three years, compromising the information of 202,730,434 Chinese citizens seeking employment.
When a computer vulnerability affects a Spanish company, all the alarms jump before the millions of people who may be affected. But if that same security hole has a Chinese company as its protagonist, the dimensions of the problem become titanic.
An unsecured database has been open for more than three years, compromising the information of 202,730,434 Chinese citizens seeking employment. According to security researcher Bob Diachenko, discoverer of the ruling, cybercriminals would have frequently accessed this repository, so the privacy of these people has been completely violated. “It is worth noting that the MongoDB registry showed at least a dozen IPs that could have accessed the data before they were disconnected,” says the expert on his blog.
The problem comes from a MongoDB database completely open to the public, which could be easily found using Shodan, Binary Edge or any other data search engine … whoever knew where to look. And it is not until after this public complaint that the base has been blocked for access by third parties.
Of course, at the moment, nobody knows who this database is and how the data was obtained. Although, according to this same researcher reveals, everything seems to point to the portal 58.com, the equivalent to Craigslist for the Chinese market. However, 58.com has already denied being behind the database, saying it may be a third party that was using your data.
“We have searched our entire database and researched the entire storage system, and we have determined that the data has not been filtered by us. It seems that the data is filtered from a third party that scrapes data from many employment websites.”