wordpress blog stats
Connect with us

Hi, what are you looking for?

Data of 1.4 million users on IIMjobs leaked: Report

cyber crime

Jobs listing website, IIMjobs.com, suffered a database breach on Monday exposing personal data of nearly 1.4 million users that were registered on the website. The leaked data include the names, phone numbers, email addresses, location of the users, their industry work and links to their LinkedIn profiles, Inc42 reported.

The report says that around 50 gigabytes worth of data was being sold on a dark-web marketplace. The breach also exposed the user’ encrypted passwords, which was based on the MD-5 message-digest algorithm, which is an outdated method for encryption, it said citing a cyber-security researcher. However, most of the leaked data in the MySQL database is from last year and the most recent data pertains to a user who was registered in January 2019, the researcher said.

IIMjobs, operated by Highorbit Careers Pvt Ltd, was founded in 2008 by Tarun Mata, an IIM Indore alumnus who previously worked Neilsoft, CSC, and Alcatel Lucent. In May 2019, Info Edge India, which operates Naukri.com, Jeevansaathi.com and 99acres.com, acquired Highorbit Careers for Rs 81 crore. Info Edge told Inc42 that it is investigating the platform and that it would take some time to deep dive into the alleged problem, the report says.

In an emailed response a spokesperson for IIMjobs said that the company’s takes the matter of customer security, data, and cybercrime extremely seriously and have been internally investigating the matter. “Based on our investigation, we’ve found that the data is two years old. It is not recent. We’ve subsequently reviewed and strengthened our security measures to ensure that all our servers are secure and user data is well protected. We recently invalidated all user passwords and have asked users to change their passwords,” the statement from the spokesperson said. “We will continue to strengthen our security measures to ensure that the data of our users are safe and held in the strictest security,” they added.

While incidents of data breaches and personal information being sold on the dark web increasing year-on-year, the Indian government is yet to introduce a personal data protection law in Parliament. Although, several state governments have cyber-security specific police departments where customers and users can register their complaints, very few actually do so while the police departments themselves are under-resourced to take on such crimes. Recently, the government said it is working on a new national cyber security strategy.

Numerous data breaches in recent months

Recently, Reliance Digital exposed data of several customers based on a survey it conducted on the upcoming launch of the Play Station-5. In November, data of over 2 crore BigBasket users was leaked and was being sold on the dark web and in August, over 700,000 email addresses of users on travel marketplace website, RailYatri had been leaked. In July, hyperlocal delivery platform Dunzo disclosed that its database was breached by an attacker and Disney+ Hotstar, the streaming platform, said that some of its users’ accounts were compromised because of “data breaches on other platforms”. In June, a report by VpnMentor said that over 7 million records of BHIM UPI app users were breached. And in May this year, data of about 29 million Indian job seekers were leaked on the dark web.

Prior to these incidents, earlier this year it was revealed in a Twitter post that Royal Enfield had exposed a database of at least 452,000 people in January 2020, while personal details more than 1.2 million SpiceJet passengers had been exposed. In January this year, at least 3,000 email address of government officials belonging to the Indian Space Research Organisation (ISRO), Bhabha Atomic Research Centre (BARC), Ministry of Corporate affairs, Ministry of External Affairs, Atomic Energy Regulatory Board (AERB) and Securities and Exchanges Board of India (SEBI), had been compromised and was available on the dark web.

 

**Update (November 25, 2020 7:26 pm): Updated with statement from IIMjobs. Originally published on November 25, 2020 at 11:36 am.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

News

Senior journalist and news anchor Nidhi Razdan was all set to start teaching at Harvard University this year. But it turns out she appears...

News

As businesses and individuals moved online, cyber criminals and fraudsters were able to hone in their skills and target a wider range of people...

News

Sensitive card data belonging millions of Indians has been compromised and leaked on the dark web due to a security comprise at a server...

News

Info Edge Venture Fund has raised ₹375 crore from MacRitchie Investments, a subsidiary of Temasek Holdings, according to a stock exchange filing. The venture...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to Daily Newsletter

    © 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ