Bob Diachenko, Director of Cyber Risk Research at Hacken.io has shed light on a cybersecurity issue that may concern a lot of Chinese job seekers. The security researcher late last year found that over 202 million Chinese users’ data was exposed. These were stored on a database server and were freely available online.
The compromise was a significant one as detailed CVs of as many as 202,730,434 people were left unprotected. These CVs contained personal details like names, mobile numbers, marriage status, literacy level, driver license, email address and also political affiliations. You could look up the data by simply searching on data search engines like Binary Edge and Shodan where it was indexed. As much as 854 GB sized MongoDB data was left unattended without the protection of a password or a login. These were later only made private after Diachenko made people aware of the problem through twitter.
Although it is not clear who owns the data, the records seem to have data from Chinese classifieds BJ.58.com. When Diachenko reached out to 58.com, they chose to deny the possibility of a data leak from their side. The security researcher has said that the database was open to the public from December 23 to December 28. But at least a dozen IP addresses had downloaded the data in between these dates according to Diachenko.