Personal details of about 29 million Indian job seekers, including sensitive information such as their email, phone, home address, qualification, and work experience, among others, were leaked on the dark web, according to cybersecurity intelligence firm Cyble. The data amounted to over 2 GB and was posted by a threat actor (an individual or group that intends to disrupt the security of another entity) in one of the hacking forums, the company said. Financial Express first reported this. The company has also discovered almost 2,000 compromised Aadhaar cards, and information on 1.8 million people from Madhya Pradesh in a similar forum (more on that below).
“We usually see this sort of leaks all the time, but this time, the message header got our attention as it included a lot of personal details – where most of the things are generally static such as education, address etc.,” Cyble said in a blog post. According to screenshots shared by Cyble, the compromised data showed files from Delhi, West Bengal, Karnataka, Pune, Tamil Nadu, Bengaluru, Mumbai, Chennai and Ahmedabad, among others.
The company initially attributed the compromise to a resume aggregator given the “sheer volume and detailed information”, but was later tipped off that the data could have originated from an unprotected Elasticsearch instance. The same tip-off also informed Cyble that the instance is no longer available, and the company was investigating this claim. Elasticsearch is an open source search engine which can index document files in diverse formats.
On Sunday, Cyble found close to 2,000 Aadhaar cards in one of the hacking forums, and said that, given the file name, the file seems to have originated in 2019. The company associated it with the threat actor who recently leaked data of 1.8 million people from Madhya Pradesh. It isn’t clear when the data related to residents of Madhya Pradesh was leaked, but according to The Hindu, Cyble discovered the leak during its investigations into the jobseeker data. The report said that authorities have initiated investigations into the matter. We have reached out to Cyble for more information on this.
In April, Cyble had discovered more than 500,000 Zoom accounts put up for sale on the dark web and hacker forums. Credentials, including people’s email address, password, personal meeting URL, and HostKey (a 6-digit PIN tied to a person’s Zoom account), could be purchased for less than a rupee, and in some cases, even for free.