Slashdot Mirror


200 Million Chinese Resumes Leak In Huge Database Breach (thenextweb.com)

According to a report from HackenProof, a database containing resumes of over 200 million job seekers in China was exposed last month. "The leaked info included not just the name and working experience of people, but also their mobile phone number, email, marriage status, children, politics, height, weight, driver license, and literacy level as well," reports The Next Web. From the report: Bob Diachenko, Director of Cyber Risk Research at Hacken.io and bug bounty platform HackenProof, found an unprotected instance of MongoDB containing these resumes on December 28. Diachenko found the resumes in the open database search engines Shodan and BinaryEdge. The 854GB database didn't have any password protection and was open to anyone to read.

Diachenko wasn't able to identify who generated the database or who owned it, but a now-defunct GitHub code repository featured code that used an identical data structure to the leaked database. The database contained scraped data from multiple Chinese classified websites like bj.58.com. However, in a blog post, the website's spokesperson denied the leak. Interestingly, the database was taken down as soon as Diachenko posted about the database on Twitter. Sadly, the MongoDB log showed at least a dozen IP addresses that read the instance before it went off the grid.

70 comments

  1. China seems to be a bit more thorough by bobstreo · · Score: 5, Interesting

    in what job seekers divulge compared to the US.

    "marriage status, children, politics, height, weight, driver license" I wonder where their government social scores are tied into this?

    1. Re:China seems to be a bit more thorough by Tablizer · · Score: 1

      Commies be commies.

    2. Re: China seems to be a bit more thorough by Anonymous Coward · · Score: 1

      Communist party members have preference.

      Are you new to communism???

    3. Re: China seems to be a bit more thorough by Anonymous Coward · · Score: 1

      I love communism so much I would give up all my earthly possessions to get a chance to become communist. And now maybe I should read up on communism lol

    4. Re:China seems to be a bit more thorough by Anonymous Coward · · Score: 1

      You mean it wasn't 1 resume badly copied 200 million times?

    5. Re:China seems to be a bit more thorough by Anonymous Coward · · Score: 0

      Boom, eggroll.

    6. Re:China seems to be a bit more thorough by ShanghaiBill · · Score: 5, Interesting

      Resumes in China usually also include ethnicity and a photo of the applicant.

      Job ads will often specify a gender and an age range. In some areas they will even specify a desired ethnicity, usually "Han only", although I have never seen that in a big city.

      There are no restrictions on what you can ask in an interview. Age, marital status, number of children, do you have a boyfriend, etc, are all fair game.

      This is not just a Chinese thing. This is the way it is in most countries outside North America and the EU.

    7. Re:China seems to be a bit more thorough by Anonymous Coward · · Score: 0

      > This is not just a Chinese thing. This is the way it is in most countries outside North America and the EU.
      Hmm. I have yet to see a China-related post of yours that is significantly critical. Here you draw an equivalence with other countries to justify China's rather intrusive questions, so China is 'relatively ok'.
      In addition, you give no evidence that non-EU/US countries do this; how could you possibly know how nearly 200 other countries do it?
      This is all *very* curious.

    8. Re:China seems to be a bit more thorough by Anonymous Coward · · Score: 0

      "There are no restrictions on what you can ask in an interview"

      Thankfully there are plenty of restrictions on what can be asked here in Australia.

      What you Yanks get away with is borderline barbaric in comparison.

      https://www.abc.net.au/news/2018-03-19/questions-you-cannot-be-asked-in-a-job-interview/9554954

    9. Re:China seems to be a bit more thorough by djinn6 · · Score: 1

      > There are no restrictions on what you can ask in an interview. Age, marital status, number of children, do you have a boyfriend, etc, are all fair game.

      Are there restrictions on what you can lie about?

      I'm 25, unmarried, no children, no boyfriend, no parents, no friends in fact. I can weigh however much you want me to weigh, be however tall you want me to be, and it would be the greatest honor to die by karoshi while in service of your company.

    10. Re:China seems to be a bit more thorough by Anonymous Coward · · Score: 5, Informative

      Absolutely not here to comment on what you think of as the curious nature of ShanghaiBill's postings (or not), but as an American who's now in Germany, it was (and constantly is) quite a bit of a surprise as to exactly what is common & expected (never mind allowed) when it comes to things like resumes, job interviews, and even housing/apartments... some of this crap is (or was) even required by law.
      Pictures are 100% common & expected on resumes here & not some informal cell-phone photo - that would probably disqualify you from most skilled jobs. You need a decent, polished, professional type shot on there. I don't think age is *required* anymore, but your birthdate should be not too far below your full name on your resume (including maiden name, if applicable). Even if you wanted to leave it off, they will know right away based on the diplomas, certifications & other supporting material you need to attach. Marital status & number of kids goes next (seriously), though it is optional. If you are just getting your career started & without a significant job history, you might also list what your parents did for a living. During the interview, I doubt there is much that would be considered an "illegal" question.

      On the housing side, be prepared to be subjected to the whims of whoever is renting (or selling) to you. Ads that *specify* a specific age bracket are not at all uncommon. I don't think I see "no kids", but I definitely see things that effectively say "unsuitable for children". If you are a 20 or 30-something couple (with or without children), I wouldn't even bother inquiring about those places as well. You also meet & interview with the owner of the property in most cases (this is after the property manager or real-estate agent already filters you out).
      America's anti-discrimination laws are a good thing, unfortunately they have not yet been adopted everywhere.

    11. Re:China seems to be a bit more thorough by Anonymous Coward · · Score: 0

      Replying to your reply... Interesting. Disturbing too, and in Germany? Amazed.
      Regarding photos, I recently worked in London for a large recruiting company; directly worked for them in the office, with the recruiters. I can say nobody gave a flying fuck for your picture. At all. They *do not care* because it's irrelevant.
      I've been a contractor in the UK for many companies/recruiters. Nobody gives a FF for anything except your ability to do the work.

    12. Re:China seems to be a bit more thorough by DNS-and-BIND · · Score: 0

      Ah, yes, the good old Western supremacist view. Looking down on other cultures while celebrating your oh-so-superior one. Hey, quick quiz, who invented Jim Crow laws? Who used nuclear weapons on civilian targets? When you point the finger at others, three other fingers are pointing back at you.

      --
      Shutting down free speech with violence isn't fighting fascism. It IS fascism!

    13. Re:China seems to be a bit more thorough by Anonymous Coward · · Score: 0

      That wouldn't make the first 'finger' wrong though.

    14. Re: China seems to be a bit more thorough by Anonymous Coward · · Score: 0

      EU has a standard resume form. A picture, marital status and/or birth date and residential address are all fields on it

    15. Re: China seems to be a bit more thorough by Anonymous Coward · · Score: 0

      Alexandria Ocasio-Cortez? You post on Slashdot?

    16. Re:China seems to be a bit more thorough by Anonymous Coward · · Score: 0

      There is a very simple test to determine who has the superior country- if people are trying to leave, it's inferior, and if they are trying to enter, it's superior.

    17. Re:China seems to be a bit more thorough by Anonymous Coward · · Score: 0

      Presumably "is obviously lying" is a disqualifying trait as the sales department wants employees who lie convincingly and everyone else wants their employees to not be a lying scumbag.

    18. Re:China seems to be a bit more thorough by Anonymous Coward · · Score: 0

      https://www.washingtonpost.com/news/worldviews/wp/2017/01/27/even-before-trump-more-mexicans-were-leaving-the-us-than-arriving/?noredirect=on&utm_term=.bfc6bf9f26a3

      So I guess Mexico is superior to the US?

  2. Social by dohzer · · Score: 4, Interesting

    Was there any information relating to their social scores? That'd be an interesting leak.

  3. "and literacy level as well" by Anonymous Coward · · Score: 0, Funny

    "Please don't let me be in the database, please don't let me be in the database..." -Trump Jr.

    1. Re:"and literacy level as well" by Anonymous Coward · · Score: 0

      Maybe not, but Elon Musk's provisional Green Card may be listed...

    2. Re: "and literacy level as well" by Anonymous Coward · · Score: 0

      Yes because people we don't like are obviously stupid because otherwise they would agree with us. -sjw twit

  4. Please send your spam to them and leave me alone by Anonymous Coward · · Score: 0

    Just for a little while please... I know they don't have much money, but with 200 million of them, there must be a few who will help the Nigerian prince...

  5. Fascinating for research by Anonymous Coward · · Score: 1

    That would be an incredible dataset for comparing education and skill set trends against age, location, career history and education history.

    1. Re:Fascinating for research by Anonymous Coward · · Score: 0

      Yes... yes. Such data would lend itself to various.... various things. Excellent. Carry on, I mean... with the research..

    2. Re:Fascinating for research by AHuxley · · Score: 1

      Great for CIA, GCHQ, MI6 efforts in China.
      Find out who has a passport and had approval to travel outside China.
      Be interesting to count the number of foreigners by year.
      Is China accepting fewer applications from foreigners now than over the past decade?

      --
      Domestic spying is now "Benign Information Gathering"

    3. Re:Fascinating for research by ShanghaiBill · · Score: 2

      > Find out who has a passport and had approval to travel outside China.

      They don't need approval to travel. With a few narrow exceptions, such as paroled criminals, anyone in China can get a passport.

      The Mao era ended 43 years ago.

      More Chinese travel abroad than citizens of any other country.

    4. Re: Fascinating for research by Anonymous Coward · · Score: 0

      You're not going to convince brainwashed trumpite trumpeters of anything truthful. Just hope they build the wall and are all contained.

    5. Re:Fascinating for research by AHuxley · · Score: 1

      Re "travel abroad than citizens of any other country."
      Who have to get government approval to get a passport.
      Use the wrong political words online and that approval is difficult.
      A Communist nation allows its trusted citizens permission to travel.

      --
      Domestic spying is now "Benign Information Gathering"

  6. Don't worry by Anonymous Coward · · Score: 0

    Mitch McConnell will handle it. Hey honey? /throat gurgling (unintelligible)

  7. I was asked to review a Chinese person's resume by kriston · · Score: 5, Interesting

    I was asked to review a Chinese person's resume. The personal details they provide are rather astounding by Western standards. Phrases like "attractive," "young," "single," and "appealing" would be huge red flags here in the US, but I was told it's acceptable for their market and culture.

    I felt bad for people who couldn't truthfully advertise themselves as attractive, young, single, and appealing over there.

    What a country.

    --

    Kriston

    1. Re:I was asked to review a Chinese person's resume by alvinrod · · Score: 1

      > I felt bad for people who couldn't truthfully advertise themselves as attractive, young, single, and appealing over there.

      What makes you think people are any more truthful about that than the other crap on their resumes?

      Not that the Chinese are unique in this regard, but resumes tend to be as much bullshit as the person thinks they can get away with. I've seen a few that could qualify for the Pulitzer prize for fiction. Of course, you can't blame people for doing it when the requirements the company posts are just as big of a load of bullshit.

    2. Re:I was asked to review a Chinese person's resume by Anonymous Coward · · Score: 0

      Maybe that's why no one will hire me. Maybe I just need to fling out some BS.

    3. Re:I was asked to review a Chinese person's resume by The+Evil+Atheist · · Score: 3, Interesting

      Chinese are unashamed about their shallowness. We don't have a filter when it comes to judging someone by their looks, their bling, and other superficial qualities.

      As a Chinese person living in the West, it's a shame to see Westerners not appreciating the modern culture they have about accepting people for the kind of person they are.

      --
      Those who do not learn from commit history are doomed to regress it.

    4. Re:I was asked to review a Chinese person's resume by Anonymous Coward · · Score: 0

      So if a Chinese guy has a 4" penis, he can (truthfully) put "large penis" on his resume?

    5. Re:I was asked to review a Chinese person's resume by liquid_schwartz · · Score: 1

      > As a Chinese person living in the West, it's a shame to see Westerners not appreciating the modern culture they have about accepting people for the kind of person they are.

      It's probably because while we are certainly the most accepting we are also the most criticized for ... not being accepting. It's in the process of backfiring as we speak. Eventually people have had enough and tune out.

    6. Re:I was asked to review a Chinese person's resume by Anonymous Coward · · Score: 0

      I'm young on a geologic scale.

    7. Re:I was asked to review a Chinese person's resume by kriston · · Score: 1

      I did not mention that they were required to include a photograph of themselves.

      --

      Kriston

  8. Re: That's a lot of rickshaws by Anonymous Coward · · Score: 0

    You might... wanna leave that off your resume.

  9. Why is it always MongoDB? by 93+Escort+Wagon · · Score: 4, Interesting

    It seems like whenever a story appears regarding an unprotected database being exposed on the web, inevitably it’s an instance of MongoDB. Why is that?

    I mean, we’re not talking about a database exploit which inadvertently exposed the data... we’re talking about user error. So why are all these piss-poor admins running MongoDB?

    --
    #DeleteChrome

    1. Re:Why is it always MongoDB? by Wookie+Monster · · Score: 3, Interesting

      Is it truly always MongoDB or do you tend to observe these cases more often? My selection bias always tends to observe cases of unprotected S3 data being leaked. Another thing to consider in this particular case is that it might not be a "piss-poor" admin, but rather an admin that wanted to easily export the data and sell it after they got fired. This raises another question: how many people approved of this configuration, and will they all be held accountable?

    2. Re:Why is it always MongoDB? by stevez67 · · Score: 1

      Really? User error? So completely and obviously unprotected? Can't think of any reasons to open such a db, briefly, on purpose?

    3. Re:Why is it always MongoDB? by Anonymous Coward · · Score: 0

      Older versions of mongo didn't have authentication enabled by default -- you had to opt-in & set it up. Even as they started pushing you toward using auth with newer versions / updates, nothing forced your hand to turn auth on. Also factor in the type of user that chooses mongo in the first place & there you go.

    4. Re:Why is it always MongoDB? by nctritech · · Score: 3, Funny
    5. Re: Why is it always MongoDB? by GillBates0 · · Score: 1

      Hilarious, thanks.

      --
      An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam

    6. Re:Why is it always MongoDB? by Anonymous Coward · · Score: 0

      > It seems like whenever a story appears regarding an unprotected database being exposed on the web, inevitably it’s an instance of MongoDB. Why is that?

      Because it's cheap?

      > I mean, we’re not talking about a database exploit which inadvertently exposed the data... we’re talking about user error.

      Users are lazy, ignorant and often stupid to boot. User errors are unsurprising.

      > So why are all these piss-poor admins running MongoDB?

      Because that's what all the cool kids are using. Don't you want to be like them?

    7. Re:Why is it always MongoDB? by Zocalo · · Score: 2

      Now that I'm thinking about it, I'd have to go with S3 buckets being the one I can recall most stories about as well, but in many breaches it's often not stated what the backend is unless you start to dig into the details of the breach, and sometimes not even then, so who knows what the real breakdown is? Also, it's probably got as much to do with relative market share as anything else; if you have x% of the market, then x% of the breaches is going to be par for the course if your code and average level of user DBA competence are on a par with everyone else's.

      --
      UNIX? They're not even circumcised! Savages!

    8. Re:Why is it always MongoDB? by Anonymous Coward · · Score: 0

      Because MongoDB is funded by CIA's In-Q-Tel

    9. Re:Why is it always MongoDB? by Anonymous Coward · · Score: 0

      Is it because the Mongolians are pretty good at breaking through the Great Firewall of China?

    10. Re:Why is it always MongoDB? by gtall · · Score: 1

      I second GillBates0 below, that made my entire day.

  10. Trump's issues go beyond illiteracy, snowflake lol by Anonymous Coward · · Score: 0

    So rhetorically you think the default position is "don't like stupid people"? How is that, aren't you a Trump supporter? I'll have you know, SOME stupid people are very WELL LIKED. Certainly not Trump though.

    But the implication that Trump is only disliked for being stupid... it's insulting, I'm going to avoid the question in front of the TV audience, Jeanine. Me, work for Russia? What, me worry? Mueller who?

    He's disliked for being a fucking traitor. It's not just ineptitude or lack of reading. It's lack of character, lack of integrity. Not a damn person in the world believes Trump's word now.

    It's not just that he's a retard who pretends to have written a book despite the actual author of said book trashing him publicly for being a liar. That's a grain on the beach here.

  11. This is why I went into business for myself by Anonymous Coward · · Score: 0

    Stupid people go work for others and suffer the consequences. Smart people do for themselves what the rest can't.

  12. Re: That's a lot of rickshaws by Anonymous Coward · · Score: 0

    YOU NO MESS WITH LO WANG.

  13. The IT admin's resume needs an update by nadass · · Score: 2

    Whoever the IT admins (network, systems, cloud, dev) were that facilitated this, I wonder if their resumes were in there. But mostly, I wonder if they'll update their resumes to reflect the more truthful facts regarding their lapse in proper security practices.

  14. Re:Small Penis Rhino Killers by Anonymous Coward · · Score: 0

    That's what Chinese are. The Chinese ARE KILLING THE RHINOS because of your tiny little cocks.

    SO FUCKING PATHETIC.

  15. danger = P(threat) * Consequences(threat) by Anonymous Coward · · Score: 0

    So if my resume gets leaked I, umm... get extra job offers? Those hacking bastards!

    1. Re:danger = P(threat) * Consequences(threat) by GameboyRMH · · Score: 2

      Well even if you're the post-privacy type, you become much more vulnerable to identity theft for one thing...

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel

  16. Re: Trump's issues go beyond illiteracy, snowflake by Anonymous Coward · · Score: 0

    You're thinking too small. Trump is hated because the middle-class finally figured out that he's the only man to fuck up the globalist / neo-feudalist movement that's been selling them out.

    Keep pushing, and soon you'll WW3 where the liberal urban areas (cities) get nuked! You don't realize it, but us Trump supporters are trying to both save you from yourselves and us too.

  17. Re: Small Penis Rhino Killers by Anonymous Coward · · Score: 0

    The whole cock thing is a bit bullshit. If not, why wouldn't they use Viagra? It is easily available, cheap and works. The rhino horn dust is consumed in several Asian countries because it is difficult to get and expensive. This shows that the person using it is wealthy. Whether it works doesn't matter at all, but it needs to have some presumed function, as just demonstrating wealth for no reason is frowned upon.

  18. Holy Shit... by Anonymous Coward · · Score: 0

    Holy shit! I can't tell you how uninterested I am in this. I just can't even care.

    I mean, why should anyone care that something intended to advertise a person for a job gets spread all over so that more people see it. It seems that the owner of the resume would see this as a positive.

    Back to cat pictures. Toodles.

  19. You're imagining things by Anonymous Coward · · Score: 2, Insightful

    > Ah, yes, the good old Western supremacist view. Looking down on other cultures while celebrating your oh-so-superior one

    That idea came from you, not from any of the posts up thread from here. I just want to point that out, you'll have to discuss your inferiority complex with your psychologist.

    > Hey, quick quiz, who invented Jim Crow laws?

    It's interesting that you picked a specific law instead of something more general, otherwise we could go back to things like the caste system which created permanent legal underclasses, or the Barbary slave trade. The word 'slave', for example, comes from 'Slav', you know, those people from the Baltic region who got enslaved a lot. The concept of slavery itself goes back much further, though.

    > Who used nuclear weapons on civilian targets?

    Why did you pick this, rather than using weapons of war on civilians in general? Or why not by death toll, or would that invite comparison to the brutality of other regimes and horrors like Holodomor? I think you have a naive view of war if you think that there's a clean separation between military and civilian targets or that either side in a total war would be so concerned. Did no civilians die in Pearl Harbor? Were the balloon bombs sent through the jet stream only aimed at military targets?

    Surely the lesson here should be that war is hell and that we should stop waging it, no? Why do we need to decide whose ancestors were worse, and even if we did, why did you cheat with your standard of measurement as if nothing else horrible ever happened in this world? It's ironic, but the pure hell unleashed by that bomb has made at least a generation or two afraid to wage a war that would see it unleashed again, so at least there's some silver lining to that very dark cloud.

    > When you point the finger at others, three other fingers are pointing back at you.

    Then why did you point the first finger? The fact that you saw a finger pointed at you from those posts which did no such thing only makes you look guilty.

    1. Re: You're imagining things by Anonymous Coward · · Score: 0

      Your story about slave is half true. It came from Slav, but not from Baltic but the Balkans under the occupation of the Ottomans

    2. Re: You're imagining things by Anonymous Coward · · Score: 0

      Are you sure about that? New Oxford American Dictionary says:

      "Middle English: shortening of Old French esclave, equivalent of medieval Latin sclava (feminine) 'Slavonic (captive)': the Slavonic peoples had been reduced to a servile state by conquest in the 9th century."

      That doesn't say who was responsible for the conquest, but it does stipulate a time period (9th century). The Ottoman Empire was, according to that vast bastion of knowledge warehoused in Wikipedia, "between the 14th and early 20th centuries." It then clarifies that the rise began circa 1299, so just at the end of the 13th century making a 14th century start only technically incorrect.[1]

      So who did enslave them? According to the BBC[2] that would be "Muslims of Spain" so it would appear to be "spaniards" or "moors" depending on your naming bent.

      But apparently Russian linguistic scholars dispute the root of the English word "slave"[3] though it's hard to take it seriously when they reverse the etymology (claiming that 'slav' comes from 'slave' rather than the other way around) and insist that the similar forms don't appear until the 13th century, which is at odds with medieval Latin and Old French. The intent of the dispute seems to be an attempt at distancing 'Slav' from 'slave' by insisting that they are coincidental homonyms, perhaps due to misguided patriotism. Kind of like the nutjobs who insist on renaming "french fries" as "freedom fries" out of a desire to reject the historical partnership between the USA and France.

      In short, if you want to dispute the etymology of 'slave' from 'Slav' you are going to have to go after the actual etymology, not some strawman about the Ottoman Empire.

      1) https://en.wikipedia.org/wiki/Ottoman_Empire
      2) http://www.bbc.co.uk/worldservice/africa/features/storyofafrica/9chapter1.shtml
      3) https://www.rbth.com/arts/history/2017/07/17/myths-of-russian-history-does-the-word-slavs-derive-from-the-word-slave_804967

  20. Who is "200 Million Chinese"? by Anonymous Coward · · Score: 0

    Why didn't they dump all of the data at once, and why resume now?

    I hear there's a group out there that goes by the name "Inquiring Minds" and they want to know.