Bob Diachenko, director of cyber risk research at HackenProof, discovered a MongoDB database containing information on more than 200 million Chinese job seekers. The details include candidates' skills, work experience, and personal details such as names, phone numbers, addresses, email IDs, family details, driver's licenses and much more. The database reached 854GB in size, and, surprisingly, it required no login or any other kind of authentication to access. Anyone browsing the internet could view it as long as they had the correct address.
Jonathan Deveaux, head of enterprise data protection at Comforte, said that in this data breach the exposed data was available online for more than a week. The database has since been secured and is no longer accessible, and the researchers found that 12 IPs had accessed it before its removal.
Although the reason for the database exposure is unknown, incidents of this type show that data of any kind can be at risk at any time. It is important to take special measures to protect data and privacy before the data enters databases, files and other storage areas, in order to minimize vulnerabilities of all sizes.
According to Rod Soto, director of security research at JASK, incidents like these that exploit a vulnerable product raise the question of whether software developers should be asked to include automatic patching of their code, even if this change would bring additional risks or downtime.
Forcing updates or patches might lead to unintended outcomes, but since breaches like these, and the criminal activities that accompany them, are increasing, it is important to weigh the pros and cons of leaving these products unpatched and exposed against patching and securing them and dealing with the resulting effects.