wordpress blog stats
Connect with us

Hi, what are you looking for?

Data of 1.4 million users on IIMjobs leaked: Report

cyber crime

Jobs listing website, IIMjobs.com, suffered a database breach on Monday exposing personal data of nearly 1.4 million users that were registered on the website. The leaked data include the names, phone numbers, email addresses, location of the users, their industry work and links to their LinkedIn profiles, Inc42 reported.

The report says that around 50 gigabytes worth of data was being sold on a dark-web marketplace. The breach also exposed the user’ encrypted passwords, which was based on the MD-5 message-digest algorithm, which is an outdated method for encryption, it said citing a cyber-security researcher. However, most of the leaked data in the MySQL database is from last year and the most recent data pertains to a user who was registered in January 2019, the researcher said.

IIMjobs, operated by Highorbit Careers Pvt Ltd, was founded in 2008 by Tarun Mata, an IIM Indore alumnus who previously worked Neilsoft, CSC, and Alcatel Lucent. In May 2019, Info Edge India, which operates Naukri.com, Jeevansaathi.com and 99acres.com, acquired Highorbit Careers for Rs 81 crore. Info Edge told Inc42 that it is investigating the platform and that it would take some time to deep dive into the alleged problem, the report says.

In an emailed response a spokesperson for IIMjobs said that the company’s takes the matter of customer security, data, and cybercrime extremely seriously and have been internally investigating the matter. “Based on our investigation, we’ve found that the data is two years old. It is not recent. We’ve subsequently reviewed and strengthened our security measures to ensure that all our servers are secure and user data is well protected. We recently invalidated all user passwords and have asked users to change their passwords,” the statement from the spokesperson said. “We will continue to strengthen our security measures to ensure that the data of our users are safe and held in the strictest security,” they added.

While incidents of data breaches and personal information being sold on the dark web increasing year-on-year, the Indian government is yet to introduce a personal data protection law in Parliament. Although, several state governments have cyber-security specific police departments where customers and users can register their complaints, very few actually do so while the police departments themselves are under-resourced to take on such crimes. Recently, the government said it is working on a new national cyber security strategy.

Numerous data breaches in recent months

Recently, Reliance Digital exposed data of several customers based on a survey it conducted on the upcoming launch of the Play Station-5. In November, data of over 2 crore BigBasket users was leaked and was being sold on the dark web and in August, over 700,000 email addresses of users on travel marketplace website, RailYatri had been leaked. In July, hyperlocal delivery platform Dunzo disclosed that its database was breached by an attacker and Disney+ Hotstar, the streaming platform, said that some of its users’ accounts were compromised because of “data breaches on other platforms”. In June, a report by VpnMentor said that over 7 million records of BHIM UPI app users were breached. And in May this year, data of about 29 million Indian job seekers were leaked on the dark web.

Prior to these incidents, earlier this year it was revealed in a Twitter post that Royal Enfield had exposed a database of at least 452,000 people in January 2020, while personal details more than 1.2 million SpiceJet passengers had been exposed. In January this year, at least 3,000 email address of government officials belonging to the Indian Space Research Organisation (ISRO), Bhabha Atomic Research Centre (BARC), Ministry of Corporate affairs, Ministry of External Affairs, Atomic Energy Regulatory Board (AERB) and Securities and Exchanges Board of India (SEBI), had been compromised and was available on the dark web.

Advertisement. Scroll to continue reading.


**Update (November 25, 2020 7:26 pm): Updated with statement from IIMjobs. Originally published on November 25, 2020 at 11:36 am.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



By Rahul Rai and Shruti Aji Murali A little less than a year since their release, the Consumer Protection (E-commerce) Rules, 2020 is being amended....


By Anand Venkatanarayanan                         There has been enough commentary about the Indian IT...


By Rahul Rai and Shruti Aji Murali The Indian antitrust regulator, the Competition Commission of India (CCI) has a little more than a decade...


By Stella Joseph, Prakhil Mishra, and Surabhi Prabhudesai The recent difference of opinions between the Government and Twitter brings to fore the increasing scrutiny...


This article is being posted here courtesy of The Wire, where it was originally published on June 17.  By Saksham Singh The St Petersburg paradox,...

You May Also Like


In response to alleged Chinese ransomware attacks and intellectual property theft, the Biden administration is reportedly beefing up its cybersecurity policy.  “Today, the United...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ