Resume information about more than 200 million Chinese job-seekers was exposed on an insecure database accessed in December by a researcher from Hacken, a cybersecurity company.
Bob Diachenko, director of cyber risk research at Hacken.io and the bug bounty platform HackenProof, announced Thursday that he found a 854 gigabyte MongoDB database containing 202,730,434 records about job candidates from China. The files contained candidates’ skills and work experience, as well as their mobile phone number, email address, marriage status, political leanings, height, weight, driver’s license information and salary expectations, among other personal data. Not every field was filled-in for each individual, Diachenko said.
The database did not require visitors to enter a username or password to access the information, Diachenko wrote. While the owner of the database remains unclear, Diachenko explained that the information appears to have originated from a tool used to scrape data from the websites of Chinese classifieds.
“It is unknown whether it was an official application [of the tool] or illegal one used to collect all the applicants’ details, even those labeled as ‘private,’” he wrote.
The database was secured roughly one week after Diachenko first tweeted about the matter on Dec. 28, he said.
The security team at BJ.58.com, a Chinese classifieds company, told Diachenko the data did not leak from there, but suggested it originated with a third party firm that collects data from many professional sites.
This discovery comes months after Diachenko discovered another MongoDB database had exposed personal records including email addresses, names, genders and physical addresses for nearly 11 million Yahoo users.