BreachExchange mailing list archives
Ladders Data Leak: Over 13M User Records Exposed Due To Cloud Misconfiguration
From: Destry Winant <destry () riskbasedsecurity com>
Date: Thu, 2 May 2019 11:48:58 -0500
https://www.ibtimes.com/ladders-data-leak-over-13m-user-records-exposed-due-cloud-misconfiguration-2789394

Popular job recruitment website Ladders reportedly exposed over 13 million user records by accident. The leaked data contained information such as users' names, addresses, email addresses, phone numbers, employment histories, and more. The exposed records also contained users' detailed employment descriptions, such as previous jobs, current salaries, and the desired industry in which they are hunting for jobs.

The data was stored in an Amazon Web Services (AWS)-hosted Elasticsearch database without any password protection, TechCrunch reported. The lack of password protection would have allowed anyone to access the database, which reportedly contained several years' worth of data. The leaked information also included the personal data of around 379,000 recruiters.

The leaky database was discovered by Sanyam Jain, a member of the non-profit organization GDI Foundation, TechCrunch reported. The data leak was confirmed by Ladders' founder and CEO Marc Cenedella.

“AWS confirms that our AWS Managed Elastic Search is secure, and is only accessible by Ladders employees at indicated IP addresses. We will look into this potential theft, and would appreciate your assistance in doing so,” Cenedella said in a statement, TechCrunch reported.

Data leaks caused by cloud misconfiguration have become increasingly common over the past few years. Such leaks have led to the exposure of millions of users' personal and sensitive information. In most cases, such data leaks are caused by human error – forgetting to add a password to protect the cloud-based database.

It is unclear whether the data exposed by Ladders was accessed by any unauthorized parties. It is also unknown how long the data was exposed before it was discovered by Jain.
TechCrunch reported that the database was taken offline within an hour of it being reported to Ladders.