Data of more than 29 million job seekers from India has been leaked on the dark web, and the source of this data is not yet clear. US-based cyber intelligence firm Cyble believes that it could be from one of the several resume aggregators in the country.
In a blog post, the cybersecurity company says a threat actor posted the 2.3 GB zipped file, which carries the personal data of job seekers from across different Indian states, on a hacking forum. The data was available for free.
Cyble says the source of the data leak is still unclear, though given the sheer volume and the details that it contains, it is likely to have originated from a resume aggregator. The company feels that all job sites that aggregate resumes should be checking for possible breaches.
The company shared images of data from the zipped file to suggest that information has been obtained from different states. Fresh leaks on the dark web suggest that the situation could be worse still. Two more instances that came to light over the past 12 hours indicate that citizenship details from Aadhaar cards have also been leaked.
Cyble founder Beenu Arora says these latest details may have come from two different sources, as the details of the Aadhaar cards and data about 1.8 million residents of Madhya Pradesh appeared to originate from elsewhere.
“The original leak appears to be from a resume aggregator service collecting data from various known job portals. Cyble’s team is still investigating this further and will be updating their article as they bring more facts to the surface,” the blog post said.
The data shared during the original leak includes information related to email, phone, home address, work experience, academic qualification and more. Cyble researchers also claimed to have received a tip-off suggesting that the job seeker data hack was the result of an unprotected Elasticsearch instance. Elasticsearch is a tool that collects data from multiple locations according to rules set by whoever operates it.
The data leaked in the initial instance has been indexed on Cyble's monitoring and notification platform. The company says those concerned about the information leak can register on Amlbreached.com.