A regular sweep of the internet by cyber security firm Cyble uncovered leaked data of over 2.9 crore Indian job-seekers, posing almost as an open invitation for gross misuse by online hackers. The firm claims to have found a 2.3 GB compressed file containing the data on a hacking forum.
The breach included sensitive information such as email IDs, phone numbers, home addresses and work experiences of job seekers from a multitude of Indian cities. “The leak actually has a lot of personal details of millions of Indian job-seekers from different states” said the firm in its blog post.
Cyble initially suspected the source of the sensitive information to be prominent online job portals or resume aggregators that seek information of this nature from their users. However, the updated blog post on Sunday stated that the leak was due to an “unprotected elastic search” instance according to an anonymous tip-off that the firm received.
As for now, Cyble claims to have acquired the leaked data. “Cybel’s team is still investigating this further and will be updating the article as they bring more facts to the surface” the firm said in a statement.
The firm has exposed a series of data leaks like the one in the discussed instance. Earlier, the firm had uncovered one such leak from Bangalore-based Ed Tech firm Unacademy. According to Cyble, nearly 22 million users’ information was compromised. Data was dumped on the dark web and sold off. Further, Cybel exposed a sale of the personal data of 276 million Facebook users for Rs.41,500 in April. The information included e mails, names, Facebook IDs, date of births and phone numbers. Reportedly, passwords were not compromised.
In most instances, these information breaches invite identity thefts, scams, cooperate espionage etc. by the hand of cybercriminals. By the virtue of such leaks, the internet has become a bedlam of cyber crimes.