MongoDB Instance Leaks 200 Million Chinese CVs
January 11, 2019 / Phil Muncaster
A huge MongoDB database containing detailed CVs for over 202 million individuals has been found exposed online. The unprotected MongoDB instance was found via a simple BinaryEdge or Shodan search and was left without any password protection, according to Bob Diachenko, director of cyber risk research at Hacken.io and HackenProof. The 854GB trove contained data on 202.7m Chinese job-seekers including “personal info, such as mobile phone number, email, marriage, children, politics, height, weight, driver license, literacy level, salary expectations and more.” Such information could be used to good effect in follow-on phishing attacks. The source of the data is unknown, although it is believed it may have been scraped from third-party CV sites.