Ladders, one of the most popular recruitment sites in the US, specializing in high-end jobs, has exposed more than 13.7 million user records following a security breach.
The New York-based company left an Elasticsearch database hosted on Amazon without a password, allowing anyone to access the data. Sanyam Jain, a security researcher and member of the GDI Foundation, a non-profit organization dedicated to securing exposed or leaked data, found the database and reported the findings to TechCrunch in order to get the data secured.
Less than an hour after TechCrunch reached out, Ladders had put the database offline.
Marc Cenedella, General Manager, confirmed the exposure in a brief statement. "AWS confirms that our AWS Managed Elastic Search is secure and that Ladders employees can access it only at the indicated IP addresses. We will study this potential flight and appreciate your help to do so," he said.
TechCrunch verified the data by contacting more than a dozen users of the site. Several confirmed that their data matched their Ladders profile. One user who responded said he was "no longer using the site" as a result of the breach.
Each record included names, e-mail addresses and employment history, such as employer and job title. User profiles also contained information about the sector in which the users were seeking employment and their current compensation in US dollars.
Many records also contained detailed descriptions of the users' previous jobs, similar to a resume.
Although some of the data may be publicly viewable by other users of the site, much of it was personal and sensitive information, including e-mail addresses, postal addresses, phone numbers, and approximate geolocation based on the user's IP address.
The database contained years of data.
Some records included the user's work authorization, for example whether they were a US citizen or held a visa such as an H1-B. Others listed their US security clearance alongside their corresponding jobs, such as telecommunications or the military.
More than 379,000 recruiters' information was also exposed, although the data is not as sensitive.
Security researcher Jain recently discovered a leaking Wi-Fi password database and an exposed main database for a family tracking application, which included real-time location data for children.