Unprotected Elasticsearch DB exposed 33 Million job profiles in China

Security expert discovered an unprotected Elasticsearch database exposed online that was containing approximately 33 million job profiles in China. 

Security expert Sanyam Jain at GDI Foundation has discovered an unprotected database exposed online that was containing approximately 33 million profiles for people in China who provided their resume to job recruitment sites. 

The expert discovered the Elasticsearch database using the Shodan search engine, the 57GB archive included a username, gender, age, current city, home address, email address, phone number, marriage status, job history, education history, and salary history.

Jain discovering the ElasticSearch database on March 10th, 2019, but he was able to discover who was the owner of the archive.

The analysis of the archive allowed the expert to discover references to multiple Chinese job recruitment sites such as 51Jobs, lagou, and Zhilian.

“During the initial investigation what I have found is that the customer profiles for the companies 51Jobs, lagou, and Zhilian recruitment are being stored in the database. I believe that a third-party is aggregating the information from these companies and using them in some way.” Jain told to BleepingComputer.

The availability of this data potentially exposed people to several malicious activities such as scams and identity theft. The knowledge of the salary for so many people could be used by businesses to hire employees from their original companies.

Jain reported his findings to CNCERT, the China Cyber emergency response team, on March 11, 2019. The CNCERT told the expert it had identified the owner of the IP address as “北京机到网络科技有限公司” and that he contacted him to take the database offline.

The Elasticsearch database was shutdown on March 13, 2019.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – China data leak)

[adrotate banner=”5″]

[adrotate banner=”13″]