The 854-GB database was available for anyone to grab for a week. Information scrapped from Chinese job portals includes names, mobile numbers, and political affiliation.
A mega database with more than 200 million resumes of Chinese jobseekers has been leaked in one of the biggest China-related data exposures ever, according to European bug bounty platform HackenProof.
Bob Diachenko, a Ukraine-based security researcher with HackenProof, on December 28 found an open, unprotected database server containing detailed CVs from over 202 million Chinese users, he said in a post published this week. The resumes included sensitive information, from names to mobile numbers to marriage status to political affiliation.
The US-based database has a size of 854 GB, and 202,730,434 records in total, according to Diachenko, giving screenshots of his findings via two data search engines.
Four security researchers contacted by the Post said the data leak described by Diachenko sounded plausible.
“It's like someone leaving their phone out in the public with no passwords protected,” said Jane Wong, a tech blogger who has a history of uncovering hidden features in big internet platforms such as Facebook and Instagram.
Diachenko said the database in question was open to the public from December 23-28, but was taken offline soon after he first reported the case on Twitter. At least a dozen IP addresses have downloaded the data.
PUBLISHED : Friday, 11 January, 2019, 5:30pm
UPDATED : Friday, 11 January, 2019, 5:35pm