MongoDB is a well-known and widely used database in the IT industry, but it has failed to provide security for the data. Data on millions of job seekers leaked from a MongoDB server through their resumes.
According to recent cybersecurity research, data on more than 202 million Chinese citizens was accessible over the internet to anyone, without any authentication.
The database contained 202,730,434 records about Chinese citizens who were seeking jobs. The data included not only email addresses but complete personal information such as full name, date of birth, phone number, email address, marital status, driving license information, professional experience, job expectations, home address, literacy level, salary expectations and more.
The 854.8 GB of data was stored in an instance of MongoDB, a high-performance, cross-platform, document-oriented NoSQL database. It was hosted by an American server hosting company.
Bob Diachenko, director of cyber risk research at Hacken.io and the bug bounty platform HackenProof, discovered this database two weeks ago; it was secured shortly after his notification on Twitter.
Diachenko said, “The MongoDB log showed around dozens of IPs which accessed this data before it was taken offline.” I don’t think that dozens of IPs is a small number in terms of security. However, the source of the data is still unknown.
According to Diachenko, someone might have used a scraping tool to collect the data from job seekers' resumes on different Chinese classified websites, like bj.58.com. This is because the format of the leaked database exactly matched the way the scraping tool stores the collected information. However, the main question is: is the security of MongoDB not that strong?
This is not the first MongoDB data leak. Diachenko has published a number of similar reports showing unprotected MongoDB servers that exposed billions of records.
Stay alert before you share your resume anywhere online!!!