wordpress blog stats
Connect with us

Hi, what are you looking for?

Data of 1.4 million users on IIMjobs leaked: Report

cyber crime

Jobs listing website, IIMjobs.com, suffered a database breach on Monday exposing personal data of nearly 1.4 million users that were registered on the website. The leaked data include the names, phone numbers, email addresses, location of the users, their industry work and links to their LinkedIn profiles, Inc42 reported.

The report says that around 50 gigabytes worth of data was being sold on a dark-web marketplace. The breach also exposed the user’ encrypted passwords, which was based on the MD-5 message-digest algorithm, which is an outdated method for encryption, it said citing a cyber-security researcher. However, most of the leaked data in the MySQL database is from last year and the most recent data pertains to a user who was registered in January 2019, the researcher said.

IIMjobs, operated by Highorbit Careers Pvt Ltd, was founded in 2008 by Tarun Mata, an IIM Indore alumnus who previously worked Neilsoft, CSC, and Alcatel Lucent. In May 2019, Info Edge India, which operates Naukri.com, Jeevansaathi.com and 99acres.com, acquired Highorbit Careers for Rs 81 crore. Info Edge told Inc42 that it is investigating the platform and that it would take some time to deep dive into the alleged problem, the report says.

In an emailed response a spokesperson for IIMjobs said that the company’s takes the matter of customer security, data, and cybercrime extremely seriously and have been internally investigating the matter. “Based on our investigation, we’ve found that the data is two years old. It is not recent. We’ve subsequently reviewed and strengthened our security measures to ensure that all our servers are secure and user data is well protected. We recently invalidated all user passwords and have asked users to change their passwords,” the statement from the spokesperson said. “We will continue to strengthen our security measures to ensure that the data of our users are safe and held in the strictest security,” they added.

While incidents of data breaches and personal information being sold on the dark web increasing year-on-year, the Indian government is yet to introduce a personal data protection law in Parliament. Although, several state governments have cyber-security specific police departments where customers and users can register their complaints, very few actually do so while the police departments themselves are under-resourced to take on such crimes. Recently, the government said it is working on a new national cyber security strategy.

Numerous data breaches in recent months

Recently, Reliance Digital exposed data of several customers based on a survey it conducted on the upcoming launch of the Play Station-5. In November, data of over 2 crore BigBasket users was leaked and was being sold on the dark web and in August, over 700,000 email addresses of users on travel marketplace website, RailYatri had been leaked. In July, hyperlocal delivery platform Dunzo disclosed that its database was breached by an attacker and Disney+ Hotstar, the streaming platform, said that some of its users’ accounts were compromised because of “data breaches on other platforms”. In June, a report by VpnMentor said that over 7 million records of BHIM UPI app users were breached. And in May this year, data of about 29 million Indian job seekers were leaked on the dark web.

Advertisement. Scroll to continue reading.

Prior to these incidents, earlier this year it was revealed in a Twitter post that Royal Enfield had exposed a database of at least 452,000 people in January 2020, while personal details more than 1.2 million SpiceJet passengers had been exposed. In January this year, at least 3,000 email address of government officials belonging to the Indian Space Research Organisation (ISRO), Bhabha Atomic Research Centre (BARC), Ministry of Corporate affairs, Ministry of External Affairs, Atomic Energy Regulatory Board (AERB) and Securities and Exchanges Board of India (SEBI), had been compromised and was available on the dark web.


**Update (November 25, 2020 7:26 pm): Updated with statement from IIMjobs. Originally published on November 25, 2020 at 11:36 am.

Written By

Reports on banking, payments, fintech and crypto-curencies. Additional reporting on media regulations, data protection and other areas.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.


Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.


This article addresses the legal and practical ambiguities in understanding the complex crypto ecosystem in India.


It is widely argued that the PDP Bill report seeks to discard the intermediary status of social media platforms but that may not be...


Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ