Slashdot Mirror


200 Million Chinese Resumes Leak In Huge Database Breach (thenextweb.com)

According to a report from HackenProof, a database containing resumes of over 200 million job seekers in China was exposed last month. "The leaked info included not just the name and working experience of people, but also their mobile phone number, email, marriage status, children, politics, height, weight, driver license, and literacy level as well," reports The Next Web. From the report: Bob Diachenko, Director of Cyber Risk Research at Hacken.io and bug bounty platform HackenProof, found an unprotected instance of MongoDB containing these resumes on December 28. Diachenko found the resumes in the open database search engines Shodan and BinaryEdge. The 854GB database didn't have any password protection and was open to anyone to read.

Diachenko wasn't able to identify who generated the database or who owned it, but a now-defunct GitHub code repository featured code that used an identical data structure to the leaked database. The database contained scraped data from multiple Chinese classified websites like bj.58.com. However, in a blog post, the website's spokesperson denied the leak. Interestingly, the database was taken down as soon as Diachenko posted about the database on Twitter. Sadly, the MongoDB log showed at least a dozen IP addresses that read the instance before it went off the grid.

9 of 70 comments

  1. China seems to be a bit more thorough by bobstreo · · Score: 5, Interesting

    in what job seekers divulge compared to the US.

    "marriage status, children, politics, height, weight, driver license" I wonder where their government social scores are tied into this?

    1. Re:China seems to be a bit more thorough by ShanghaiBill · · Score: 5, Interesting

      Resumes in China usually also include ethnicity and a photo of the applicant.

      Job ads will often specify a gender and an age range. In some areas they will even specify a desired ethnicity, usually "Han only", although I have never seen that in a big city.

      There are no restrictions on what you can ask in an interview. Age, marital status, number of children, do you have a boyfriend, etc, are all fair game.

      This is not just a Chinese thing. This is the way it is in most countries outside North America and the EU.

    2. Re:China seems to be a bit more thorough by Anonymous Coward · · Score: 5, Informative

      Absolutely not here to comment on what you think of as the curious nature of ShanghaiBill's postings (or not), but as an American who's now in Germany, it was (and constantly is) quite a bit of a surprise as to exactly what is common & expected (never mind allowed) when it comes to things like resumes, job interviews, and even housing/apartments... some of this crap is (or was) even required by law.
      Pictures are 100% common & expected on resumes here & not some informal cell-phone photo - that would probably disqualify you from most skilled jobs. You need a decent, polished, professional type shot on there. I don't think age is *required* anymore, but your birthdate should be not too far below your full name on your resume (including maiden name, if applicable). Even if you wanted to leave it off, they will know right away based on the diplomas, certifications & other supporting material you need to attach. Marital Status & number of kids goes next (seriously), though it is optional. If you are just getting your career started & without a significant job history, you might also list what your parents did for a living. During the interview, I doubt there is much that would be considered an "illegal" question.

      On the housing side, be prepared to be subjected to the whims of whoever is renting (or selling) to you. Ads that *specify* a specific age bracket are not at all uncommon. I don't think I see "no kids", but I definitely see things that effectively say "unsuitable for children". If you are a 20 or 30-something couple (with or without children), I wouldn't even bother inquiring about those places as well. You also meet & interview with the owner of the property in most cases (this is after the property manager or real-estate agent already filters you out).
      America's anti-discrimination laws are a good thing, unfortunately they have not yet been adopted everywhere.

  2. Social by dohzer · · Score: 4, Interesting

    Was there any information relating to their social scores? That'd be an interesting leak.

  3. I was asked to review a Chinese person's resume by kriston · · Score: 5, Interesting

    I was asked to review a Chinese person's resume. The personal details they provide are rather astounding by Western standards. Phrases like "attractive," "young," "single," and "appealing" would be huge red flags here in the US, but I was told it's acceptable for their market and culture.

    I felt bad for people who couldn't truthfully advertise themselves as attractive, young, single, and appealing over there.

    What a country.

    --

    Kriston

    1. Re:I was asked to review a Chinese person's resume by The+Evil+Atheist · · Score: 3, Interesting

      Chinese are unashamed about their shallowness. We don't have a filter when it comes to judging someone by their looks, their bling, and other superficial qualities.

      As a Chinese person living in the West, it's a shame to see Westerners not appreciating the modern culture they have about accepting people for the kind of person they are.

      --
      Those who do not learn from commit history are doomed to regress it.
  4. Why is it always MongoDB? by 93+Escort+Wagon · · Score: 4, Interesting

    It seems like whenever a story appears regarding an unprotected database being exposed on the web, inevitably it’s an instance of MongoDB. Why is that?

    I mean, we’re not talking about a database exploit which inadvertently exposed the data... we’re talking about user error. So why are all these piss-poor admins running MongoDB?

    --
    #DeleteChrome
    1. Re:Why is it always MongoDB? by Wookie+Monster · · Score: 3, Interesting

      Is it truly always MongoDB or do you tend to observe these cases more often? My selection bias always tends to observe cases of unprotected S3 data being leaked. Another thing to consider in this particular case is that it might not be a "piss-poor" admin, but rather an admin that wanted to easily export the data and sell it after they got fired. This raises another question: how many people approved of this configuration, and will they all be held accountable?

    2. Re:Why is it always MongoDB? by nctritech · · Score: 3, Funny