Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Businesses China Databases Technology

200 Million Chinese Resumes Leak In Huge Database Breach (thenextweb.com) 70

According to a report from HackenProof, a database containing resumes of over 200 million job seekers in China was exposed last month. "The leaked info included not just the name and working experience of people, but also their mobile phone number, email, marriage status, children, politics, height, weight, driver license, and literacy level as well," reports The Next Web. From the report: Bob Diachenko, Director of Cyber Risk Research at Hacken.io and bug bounty platform HackenProof, found an unprotected instance of MongoDB containing these resumes on December 28. Diachenko found the resumes in the open database search engines Shodan and BinaryEdge. The 854GB database didn't have any password protection and was open to anyone to read.

Diachenko wasn't able to identify who generated the database or who owned it, but a now-defunct GitHub code repository featured a code that used an identical data structure to the leaked database. The database contained scraped data from multiple Chinese classified websites like bj.58.com. However, in a blog post, the website's spokesperson denied the leak. Interestingly, the database was taken down as soon as Diachenko posted about the database on Twitter. Sadly, the MongoDB log showed at least a dozen IP addresses that read the instance before it went off the grid.

This discussion has been archived. No new comments can be posted.

200 Million Chinese Resumes Leak In Huge Database Breach

Comments Filter:
  • by bobstreo ( 1320787 ) on Sunday January 13, 2019 @09:12PM (#57956882)

    in what job seekers divulge compared to the US.

    "marriage status, children, politics, height, weight, driver license" I wonder where their government social scores are tied into this?

    • by Tablizer ( 95088 )

      Commies be commies.

    • by Anonymous Coward

      Communist party members have preference.

      Are you new to communism???

    • by Anonymous Coward

      You mean it wasn't 1 resume badly copied 200 million times?

    • by ShanghaiBill ( 739463 ) on Sunday January 13, 2019 @11:24PM (#57957210)

      Resumes in China usually also include ethnicity and a photo of the applicant.

      Job ads will often specify a gender and an age range. In some areas they will even specify a desired ethnicity, usually "Han only", although I have never seen that in a big city.

      There are no restrictions on what you can ask in an interview. Age, marital status, number of children, do you have a boyfriend, etc, are all fair game.

      This is not just a Chinese thing. This is the way it is in most countries outside North America and the EU.

      • by djinn6 ( 1868030 )

        There are no restrictions on what you can ask in an interview. Age, marital status, number of children, do you have a boyfriend, etc, are all fair game.

        Are there restrictions on what you can lie about?

        I'm 25, unmarried, no children, no boyfriend, no parents, no friends in fact. I can weigh however much you want me to weigh, be however tall you want me to be, and it would be the greatest honor to die by karoshi while in service of your company.

      • Ah, yes, the good old Western supremacist view. Looking down on other cultures while celebrating your oh-so-superior one. Hey, quick quiz, who invented Jim Crow laws? Who used nuclear weapons on civilian targets? When you point the finger at others, three other fingers are pointing back at you.
        • by Anonymous Coward

          > Ah, yes, the good old Western supremacist view. Looking down on other cultures while celebrating your oh-so-superior one

          That idea came from you, not from any of the posts up thread from here. I just want to point that out, you'll have to discuss your inferiority complex with your psychologist.

          > Hey, quick quiz, who invented Jim Crow laws?

          It's interesting that you picked a specific law instead of something more general, otherwise we could go back to things like the caste system which created permane

  • Social (Score:5, Interesting)

    by dohzer ( 867770 ) on Sunday January 13, 2019 @09:13PM (#57956886)

    Was there any information relating to their social scores? That'd be an interesting leak.

  • by Anonymous Coward

    That would be an incredible dataset for comparing education and skill set trends against age, location, career history and education history.

    • by AHuxley ( 892839 )
      Great for CIA, GCHQ, MI6 efforts in China.
      Find out who has a passport and had approval to travel outside China.
      Be interesting to count the number of forigners by year.
      Is China accepting less applications from forigners now than over the past decade?
      • Find out who has a passport and had approval to travel outside China.

        They don't need approval to travel. With a few narrow exceptions, such as paroled criminals, anyone in China can get a passport.

        The Mao era ended 43 years ago.

        More Chinese travel abroad than citizens of any other country.

        • by AHuxley ( 892839 )
          Re "travel abroad than citizens of any other country."
          Who have to get government approval to get a passport.
          Use the wrong political words online and that approval is difficult.
          A Communist nation allows its trusted citizens permission to travel.
  • by kriston ( 7886 ) on Sunday January 13, 2019 @09:41PM (#57956966) Homepage Journal

    I was asked to review a Chinese person's resume. The personal details they provide is rather astounding by Western standards. Phrases like "attractive," "young," "single," and "appealing" would be huge red flags here in the US, but I was told it's acceptable for their market and culture.

    I felt bad for people who couldn't truthfully advertise themselves as attractive, young, single, and appealing over there.

    What a country.

    • I felt bad for people who couldn't truthfully advertise themselves as attractive, young, single, and appealing over there.

      What makes you think people are any more truthful about that than the other crap on their resumes?

      Not that the Chinese are unique in this regard, but resumes tend to be as much bullshit as the person thinks they can get away with. I've seen a few that could qualify for the Pulitzer prize for fiction. Of course, you can't blame people for doing it when the requirements the company posts are just as big of a load of bullshit.

      • by kriston ( 7886 )

        I did not mention that they were required to include a photograph of themselves.

    • by The Evil Atheist ( 2484676 ) on Monday January 14, 2019 @01:39AM (#57957396)
      Chinese are unashamed about their shallowness. We don't have a filter when it comes to judging someone by their looks, their bling, and other superficial qualities.

      As a Chinese person living in the West, it's a shame to see Westerners not appreciating the modern culture they have about accepting people for on the kind of person they are.
      • As a Chinese person living in the West, it's a shame to see Westerners not appreciating the modern culture they have about accepting people for on the kind of person they are.

        It's probably because while we are certainly the most accepting we are also the most criticized for ... not being accepting. It's in the process of back firing as we speak. Eventually people have had enough and tune out.

  • by 93 Escort Wagon ( 326346 ) on Sunday January 13, 2019 @09:56PM (#57957010)

    It seems like whenever a story appears regarding an unprotected database being exposed on the web, inevitably it’s an instance of MongoDB. Why is that?

    I mean, we’re not talking about a database exploit which inadvertently exposed the data... we’re talking about user error. So why are all these piss-poor admins running MongoDB?

    • by Wookie Monster ( 605020 ) on Sunday January 13, 2019 @10:06PM (#57957046)
      Is it truly always MongoDB or do you tend to observe these case more often? My selection bias always tends to observe cases of unprotected S3 data being leaked. Another thing to consider in this particular case is that it might not be a "piss-poor" admin, but rather an admin that wanted to easily export the data and sell it after they got fired. This raises another question: how many people approved of this configuration, and will they all be held accountable?
      • by Zocalo ( 252965 )
        Now that I'm thinking about it, I'd have to go with S3 buckets being the one I can recall most stories about as well, but in many breaches it's often not stated what the backend is unless you start to dig into the details of the breach, and sometimes not even then, so who knows what the real breakdown is? Also, it's probably got as much to do with relative market share as anything else; if you have x% of the market, then x% of the breaches is going to be par for the course if your code and average level of
    • Really? User error? So completely and obviously unprotected? Can't think of any reasons to open such a db, briefly, on purpose?

    • by Jody Bruchon ( 3404363 ) on Sunday January 13, 2019 @10:55PM (#57957146)
      Because MongoDB is web scale. [youtube.com]
  • Whomever the IT admins (network, systems, cloud, dev) were that facilitated this, I wonder if their resumes were in there. But mostly, I wonder if they'll update their resumes to reflect the more truthful facts regarding their lapse in proper security practices.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...