A massive database containing over 275 million records with personally identifiable information about Indian citizens was allegedly found unprotected and publicly indexed on the Internet. Discovered by a cybersecurity expert, this MongoDB database seems to include data scrapped from various job portals, given the fields in the database like “industry,” “resume ID,” and “functional area.” While some of professional information present in the database isn’t that damaging, the database also included details like name, email address, gender, date of birth, salary, and mobile number, access to which can be exploited by malicious parties. MongoDB is a widely used open-source database management system.
Found by security researcher Bob Diachenko from Securitydiscovery.com on May 1, the database has since been hijacked by hackers known as “Unistellar group”, who have replaced it with a message to contact to restore it, possibly in an exchange of a ransom. If the database being left unprotected wasn’t bad enough, it is now in hands of a hacker group, who may be willing to sell it to anyone.
According to Diachenko, he had immediately contacted Indian Computer Emergency Response Team (CERT) about the unprotected database, but the database remained accessible until May 8, following which it was hijacked by the Unistellar group.
The data available with Shodan, a search engine for Internet-connected devices, reveals that the database was first indexed on April 23, 2019, meaning it was available on the Web for at least two weeks for anyone to access the private information.
It is unclear at this point, who was the owner of the database, but Diachenko speculates that it belonged to an “anonymous person or organization” as part of a massive scraping operation. The owners of the database have seemingly managed to scrap over 275,265,298 records of personal information about Indian job seekers. Diachenko’s assertions about database owner seem plausible considering none of Indian job portals, have anywhere close to 275 million members.
This is not the first time that Diachenko has found an unprotected database leaking private information of millions of users online. Last month, he discovered an Indian state (unnamed) had left details of millions of pregnant women online. The data leak included digitised version of millions of medical forms that included private details.
Reddit is down: It’s not just you or Wall Street
This afternoon Reddit was down for a period of time starting at around 11:29 PST. On January 27, 2021, Reddit was the subject of some scrutiny thanks to the extreme nature of stock prices after recommendations and pushes from Reddit’s various stock-watching communities. The push involved stocks like GameStop, BlackBerry, and the movie theater company AMC. According to official Reddit … Continue reading
OnePlus preparing to leverage cameras like never before
A recent update to the basic OnePlus camera app build in combination with a comment from a Gcam developer makes us believe OnePlus is making big moves in the camera app space. On one hand, it would appear that OnePlus is about to release camera software with features like Focus Peaking, Moon mode, Tilt-shift, and other features on which they’ve … Continue reading
Garmin Lily smartwatch for women may be confused over what they actually want
Garmin today announced a small smartwatch aimed primarily at women. Dubbed the Garmin Lily, the company says that it’s the “smallest smartwatch” it’s ever made, outfitted with a 34mm watch case, 14mm band, and designed in a way that’s “rooted in fashion” according to Susan Lyman, who is Garmin’s vice president of global consumer marketing. Beyond the design, the Lily … Continue reading
Instagram’s updated Stories design for desktop finally arrives
Following a test that first revealed the change a few weeks ago, Instagram has officially rolled out its updated Stories...
Samsung’s reportedly ready to supply foldable displays to rival companies
Enlarge / The Galaxy Z Flip (left) and Galaxy Z Fold 2 (right). Samsung will be selling both of these...
NASA Hot Wheels Mars Perseverance Rover released in time for landing
Hot Wheels revealed a new model in their NASA-associated lineup this week. This is the Hot Wheels Mars Perseverance Rover...
Unstable helium adds a limit on the ongoing saga of the proton’s size
Enlarge / The small particle accelerator in Switzerland where, surrounded by farms, the work took place. Physicists, who dedicate their...
“Warp speed,” “Prime Directive” predate Star Trek, per new reference tool
Enlarge / The term “warp drive” actually predates its first use in the long-running Star Trek franchise by 14 years....
Social12 months ago
CrashPlan for Small Business Review
Gadgets2 years ago
A fictional Facebook Portal videochat with Mark Zuckerberg – TechCrunch
Mobile2 years ago
Memory raises $5M to bring AI to time tracking – TechCrunch
Social2 years ago
iPhone XS priciest yet in South Korea
Cars2 years ago
What’s the best cloud storage for you?
Security2 years ago
Google latest cloud to be Australian government certified
Social2 years ago
Apple’s new iPad Pro aims to keep enterprise momentum
Cars2 years ago
Some internet outages predicted for the coming month as ‘768k Day’ approaches