200 Million Chinese Resumes Leak In Huge Database Breach

According to a report from HackenProof, a database containing resumes of over 200 million job seekers in China was exposed last month. "The leaked info included not just the name and working experience of people, but also their mobile phone number, email, marriage status, children, politics, height, weight, driver license, and literacy level as well," reports The Next Web. From the report: Bob Diachenko, Director of Cyber Risk Research at Hacken.io and bug bounty platform HackenProof, found an unprotected instance of MongoDB containing these resumes on December 28. Diachenko found the resumes in the open database search engines Shodan and BinaryEdge. The 854GB database didn't have any password protection and was open to anyone to read.

Diachenko wasn't able to identify who generated the database or who owned it, but a now-defunct GitHub code repository featured a code that used an identical data structure to the leaked database. The database contained scraped data from multiple Chinese classified websites like bj.58.com. However, in a blog post, the website's spokesperson denied the leak. Interestingly, the database was taken down as soon as Diachenko posted about the database on Twitter. Sadly, the MongoDB log showed at least a dozen IP addresses that read the instance before it went off the grid.

China seems to be a bit more thorough

[bobstreo]

in what job seekers divulge compared to the US.

"marriage status, children, politics, height, weight, driver license" I wonder where their government social scores are tied into this?

Re:China seems to be a bit more thorough

[ShanghaiBill]

Resumes in China usually also include ethnicity and a photo of the applicant.

Job ads will often specify a gender and an age range. In some areas they will even specify a desired ethnicity, usually "Han only", although I have never seen that in a big city.

There are no restrictions on what you can ask in an interview. Age, marital status, number of children, do you have a boyfriend, etc, are all fair game.

This is not just a Chinese thing. This is the way it is in most countries outside North America and the EU.

Social

[dohzer]

Was there any information relating to their social scores? That'd be an interesting leak.

I was asked to review a Chinese person's resume

[kriston]

I was asked to review a Chinese person's resume. The personal details they provide is rather astounding by Western standards. Phrases like "attractive," "young," "single," and "appealing" would be huge red flags here in the US, but I was told it's acceptable for their market and culture.

I felt bad for people who couldn't truthfully advertise themselves as attractive, young, single, and appealing over there.

What a country.

Re:I was asked to review a Chinese person's resume

[The+Evil+Atheist]

Chinese are unashamed about their shallowness. We don't have a filter when it comes to judging someone by their looks, their bling, and other superficial qualities.

As a Chinese person living in the West, it's a shame to see Westerners not appreciating the modern culture they have about accepting people for on the kind of person they are.

Why is it always MongoDB?

[93+Escort+Wagon]

It seems like whenever a story appears regarding an unprotected database being exposed on the web, inevitably it’s an instance of MongoDB. Why is that?

I mean, we’re not talking about a database exploit which inadvertently exposed the data... we’re talking about user error. So why are all these piss-poor admins running MongoDB?

Re:Why is it always MongoDB?

[Wookie+Monster]

Is it truly always MongoDB or do you tend to observe these case more often? My selection bias always tends to observe cases of unprotected S3 data being leaked. Another thing to consider in this particular case is that it might not be a "piss-poor" admin, but rather an admin that wanted to easily export the data and sell it after they got fired. This raises another question: how many people approved of this configuration, and will they all be held accountable?