An unsecured database exposed the personal details of 202M job seekers in China

The personal details belonging to more than 202 million job seekers in China, including information like phone numbers, email addresses, driver licenses and salary expectations, were freely available to anyone who knew where to look for as long as three years due to an insecure database.

That’s according to findings published by security researcher Bob Diachenko who located an open and unprotected MongoDB instance in late December which contained 202,730,434 “very detailed” records. The database was indexed in data search engines Binary Edge and Shodan, and was freely visible without a password or login. It was only made private after Diachenko released information about its existence on Twitter.

Diachenko, who is director of cyber risk research at Hacken, wasn’t able to match the database with a specific service, but he did locate a three-year-old GitHub repository for an app that included “identical structural patterns as those used in the exposed resumes.” Again, ownership is not clear at this point although the records do seem to contain data that was scraped from Chinese classifieds, including the Craigslist-like 58.com.

A 58.com spokesperson denied that the records were its creation. They instead claimed that their service had been the victim of scraping by a third party.

“We have searched all over the database of us and investigated all the other storage, turned out that the sample data is not leaked from us. It seems that the data is leaked from a third party who scrape[d] data from many CV websites,” a spokesperson told Diachenko.

TechCrunch contacted 58.com but we have not yet received a response.

While the database has now been secured, it was potentially vulnerable for up to three years, and there’s already evidence that it had been regularly accessed, although, again, it isn’t clear by whom.

“It’s worth noting that MongoDB log showed at least a dozen IPs who might have accessed the data before it was taken offline,” Diachenko wrote.

There’s plenty of mystery here — it isn’t clear whether 58.com was behind the hole, or if it is a rival service or a scraper — but what is more certain is that the vulnerability is one of the largest of its kind to be found in China.
