MongoDB database exposed online CV of 202 million Chinese job seekers

“MongoDB, a NoSQL cross-platform database that keeps documents is hosted by America server was exposed online and contained CVs of over 202 million Chinese job seekers”, revealed by Bob Diachenko from HackenProof.

Once can guess what the CV contains, highly sensitive information including names, date of birth, phone, number, emails, home address, driver license, working experience, skill, hobby etc. The database contained 202,730,434 records having size of around 854.8 GB. The worst part is that, the exposed CVs was unprotected and therefore, anyone can easily view reached to it easily on Internet.

Currently, the data has been secured. Cybersecurity researchers founded 12 IP accessed to the before removing the database. It is not exactly known who the attackers were.

What causes the huge data gathering?

Cybersecurity researchers at the time when noticed IP addresses of remote server, they tried to contact their author but they were not succeed in connecting the database to a specific service. That is why, the exact author is still unclear.

According to Diachenko, GitHub respiratory states:

“The origin of the data remained unknown until one of my Twitter followers pointed to a GitHub repository (page is no longer available but it is still saved in Google cache)  which contained a web app source code with identical structural patterns as those used in the exposed resumes”

However, site’s representatives disagree with the fact that they have any association to the discovered app. They give reply after the Diachenko statement and say:

“We have searched all over the database of us and investigated all the other storage, turned out that the sample data is not leaked from us.

It seems that the data is leaked from a third party who scrape data from many CV websites.”

A week  after the was taken down

CEO of COmforte security firm says, data was open for everybody not more than a week. By looking into previous incidences where the issues were detected after months, years, or even decades, this issue is nothing.

The detection was easily detected thanks to Cybersecurity researchers who also manage to take it down and now the database has been secured.