An unsecured database exposed the personal details of 202M job seekers in China

The personal details belonging to more than 202 million job seekers in China, including information like phone numbers, email addresses, driver licenses and salary expectations, were freely available to anyone who knew where to look for as long as three years due to an insecure database.

That’s according to findings published by security researcher Bob Diachenko who located an open and unprotected MongoDB instance in late December which contained 202,730,434 “very detailed” records. The database was indexed in data search engines Binary Edge and Shodan, and was freely visible without a password or login. It was only made private after Diachenko released information about its existence on Twitter.

Diachenko, who is director of cyber risk research at Hacken, wasn’t able to match the database with a specific service, but he did locate a three-year-old GitHub repository for an app that included “identical structural patterns as those used in the exposed resumes.” Again, ownership is not clear at this point although the records do seem to contain data that was scraped from Chinese classifieds, including the Craigslist-like 58.com.

A 58.com spokesperson denied that the records were its creation. They instead claimed that their service had been the victim of scraping by a third party.

“We have searched all over the database of us and investigated all the other storage, turned out that the sample data is not leaked from us. It seems that the data is leaked from a third party who scrape[d] data from many CV websites,” a spokesperson told Diachenko.

TechCrunch contacted 58.com but we have not yet received a response.

While the database has now been secured, it was potentially vulnerable for up to three years and there’s already evidence that it had been regularly accessed, although, again, it isn’t clear by whom.

“It’s worth noting that MongoDB log showed at least a dozen IPs who might have accessed the data before it was taken offline,” Diachenko wrote.

There’s plenty of mystery here — it isn’t clear whether 58.com was behind the hole, or if it is a rival service or a scraper — but what is more certain is that the vulnerability is one of the largest of its kind to be found in China.

Cleveland offered $120 million in freebies to lure Amazon to the city

A Cleveland.com article detailed the lengths the small midwestern city would go to in order to lure Amazon’s 50,000-person HQ2. In a document obtained by reporter Mark Naymik, we learn that Cleveland was ready to give over $120 million in free services to Amazon, including considerably reduced fares on Cleveland-area trains and buses.

The document, available here, focuses on the Northeast Ohio Areawide Coordinating Agency (NOACA)’s ideas regarding the key component in many of Amazon’s decisions – transportation.

Ohio has a budding but often tendentious connection to public transport. Cities like Columbus have no light rail while Cincinnati just installed a rudimentary system. Cleveland, for its part, has a solid if underused system already in place.

That the city would offer discounts is not surprising. Cities were falling over themselves to gain what many would consider – including Amazon itself – a costly incursion on the city chosen. However, given the perceived importance of having Amazon land in a small city – including growth of the startup and tech ecosystems – you can see why Cleveland would want to give away plenty of goodies.

Ultimately the American Midwest is at a crossroads. It could go either way, with small cities growing into vibrant artistic and creative hubs or those same cities falling into further decline. And the odds are stacked against them.

The biggest city, Chicago, is a transport, finance, and logistics hub and draws talent from smaller cities that orbit it. Further, “smart” cities like Pittsburgh and Ann Arbor steal the brightest students who go on to the coasts after graduation. As Richard Florida noted, the cities with a vibrant Creative Class are often the ones that succeed in this often rigged race and many cities just can’t generate any sort of creative ecosystem – cultural or otherwise – that could support a behemoth like Amazon landing in its midst.

What Cleveland did wasn’t wrong. However, it did work hard to keep the information secret, a consideration that could be dangerous. After all, as Maryland Transportation Secretary Pete K. Rahn told reporters: “Our statement for HQ2 is we’ll provide whatever is necessary to Amazon when they need it. For all practical purposes, it’s a blank check.”

The Micro:bit Is Shaping Up To Be The Perfect Programming Device For Kids

The BBC is set to continue its history in educational computing with the Micro:bit. First displayed in March, the broadcaster just revealed the final design and programming environment of the tiny programmable board, which includes new sensors and abilities not previously displayed. The tiny device lacks the processing power of the Raspberry Pi and Arduino’s extensive ecosystem, but…

As Internal Threats Rise Investors Back New Security Tech

Amid this steady drumbeat of technology breaches and security snafus, venture capitalists have spent roughly $6.5 billion on new technologies to combat this menace, according to CrunchBase data. The latest company to benefit from this deluge of dollars, and the one that addresses the issue of bad actors inside corporate networks most directly, is HyTrust, which closed on $25 million.

How The Apple Watch And iPhone 6 Plus Might Flip Your Mobile Computing Habits

Apple’s new wearable hardware could eventually become much more than just an optional accessory – eventually, it could be one half of a Voltron-style combo that makes up the bulk of our computing life, relegating the tablet and smartphone model to the past. Just like a tablet/smartphone combo was a common duo over the past few years, a smartwatch/phablet duo could be the optimal…