Personal data of 29 million Indian job seekers leaked on dark web

The source for the data breach isn't clear at the moment

Highlights
  • A 2.3GB file containing data of Indian job seekers was posted on a hacking forum and is available for free
  • The data shared include phone numbers, emails, residential address, and more

Data of around 29 million job seekers in India has leaked on the dark web. The source for the data breach isn’t clear at the moment, but US-based Cyber intelligence firm Cyble predicts it could be from one of the job search aggregator sites in the country. The firm says that a 2.3GB file containing the data of Indian job seekers was posted on a hacking forum and is available for free. It is also suggesting all resume aggregators must check for a possible breach so the source can be identified. Cyble has shared images of some data from the file, suggesting the data was obtained from different states.

The data shared during the original leak include phone numbers, emails, residential address, academic qualification, work experience, and more. The research team also says they have received a tip suggesting that the job seeker data hack was a result of defenceless ElasticSearch, which is a tool that collects data from multiple locations under rules set by the person conducting it. The leaked data was indexed on the monitoring and notification platform of Cyble. It said those concerned about the information being leaked can register on amlbreached.com.

Additionally, Beenu Arora, Cyble founder says the data may have breached from two different sources as the details of the Aadhar Cards and data about 1.8 million residents of Madhya Pradesh originated from a different source. The original leak appears to be from a resume aggregator service collecting data from various known job portals. Cyble’s team is still investigating this further and will be updating as more facts surface,” the report said.