Data leak: Cyber intelligence firm Cyble on Friday announced that during its sweep of the dark web, it found the leaked data of over 2.9 crore Indian job seekers, up for cyber criminals to grab. In a blog post, the firm announced that it came across a 2.3 GB compressed file on a hacking forum. The threat actor had said that the files of data contained the names, addresses, email IDs, phone numbers, field of occupation, current salaries and employers among other details of the job seekers.
The firm said that this was more than the usually static data that is available on such forums.
A screengrab of the data files that were uploaded in the blog post showed files from Delhi, West Bengal, Karnataka, Pune, Tamil Nadu, Bengaluru, Mumbai, Chennai and Ahmedabad, among others. The files also included data according to the platforms where the job seekers had uploaded their details on prominent job portals.
Initially, the cyber intelligence firm believed that the data was leaked by a resume aggregator, based on the amount of data and details that were leaked. However, on Sunday, the firm posted an update which stated that they received an anonymous tip-off that the leak was due to an unprotected elastic search instance and said they were also informed that the instance is not accessible anymore. Cyble said they were investigating these claims.
Why is data leak so critical?
Explaining about the data leak, Cyble said that hackers and cyber criminals are always trying to look for personal information so that they could indulge in activities such as identity theft, corporate espionage and scams.