Chinese HR Firms Have Leaked Over 590 Million Resumes via Open Databases (zdnet.com)
An anonymous reader writes: Over the past few months, and especially over the last few weeks, ZDNet has received several tips about exposed servers that, when investigated, belonged to Chinese HR-focused companies. From tiny firms exposing a handful of CVs to professional executive head-hunting firms, they've all leaked their customers' details, in one form or another.
In total, these companies have leaked a whopping 590 million resumes in the first three months of the year, in leaks via just ten databases. Most of the resume leaks have occurred because of poorly secured MongoDB databases and ElasticSearch servers that have been left exposed online without a password, or have ended up online following unexpected firewall errors.
While the biggest leak was of 202 million CVs, the most interesting one came from a headhunting firm for Chinese executives, which leaked details about the higher-ups in China's major companies, a leak that would have been a goldmine for spear-phishing and BEC scammers.
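The failure mode the story describes is a datastore reachable from the internet with authentication switched off. As an added illustration (not from the ZDNet article or the affected companies), the fragments below show the MongoDB and Elasticsearch settings that produce that exposure next to the corrected settings a defender would deploy; the interface address 10.0.5.12 is a constructed placeholder for a private network address.

```yaml
# --- mongod.conf: exposed (the pattern behind the leaks above) ---
# Listening on every interface with no authorization means anyone who can
# reach TCP/27017 can read and dump every collection without credentials.
net:
  bindIp: 0.0.0.0
  port: 27017
security:
  authorization: disabled

# --- mongod.conf: corrected ---
# Bind only to loopback and a private interface (10.0.5.12 is a constructed
# example), and require authentication for every connection. Create an admin
# user before switching this on, or you lock yourself out.
net:
  bindIp: 127.0.0.1,10.0.5.12
  port: 27017
security:
  authorization: enabled

# --- elasticsearch.yml: exposed ---
# network.host: 0.0.0.0 publishes the REST API (TCP/9200) on all interfaces;
# with security disabled, the index contents are readable by any client.
network.host: 0.0.0.0
xpack.security.enabled: false

# --- elasticsearch.yml: corrected ---
# Keep the REST API on the private interface only and turn on the built-in
# authentication so that queries require a user and password.
network.host: 10.0.5.12
xpack.security.enabled: true
```

Binding to a private interface is the control that survives the "unexpected firewall error" case mentioned in the summary: if the host firewall or cloud security group is misapplied, the service is still not listening on a public address, and even if it were, authorization is required.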
How much of a problem is this? (Score:2)
A CV is a document that you write specifically for publication to unknown people to read, and hopefully make you a job offer. If you put things in it that can be used to spear-phish you, then surely you're going to be aware that this datum is public knowledge, and disregard it appropriately. Quite likely you'll include a few Mountweazles [wikipedia.org].