An Indian HR solutions firm got its database leaked online

January 20, 2023
Tags: India, HR Solutions, Human Resources, Database Leak, PII, System Misconfiguration, Fraud Prevention

Rocket (myrocket[.]co), an Indian HR services and recruitment solutions firm, was found to have a publicly accessible database of about 260GB exposed on the internet. The exposure was spotted during a security researcher's routine monitoring.

The discovery was made on December 12 of last year. The researchers noted that the exposed data could affect over 200,000 employees and approximately nine million job seekers who hold an account on Rocket's website.

Once notified of the leak, the firm promptly closed it, stating that it had been caused by a system misconfiguration in a newly created Kibana instance.

The firm admitted that the exposed database was not protected by any authentication.

Because the database required no authentication, anyone who found it on the internet could read its contents, and could also modify or delete the data it held. Hundreds of thousands of PII records were exposed in this way.

The exposed database contains the personally identifiable information (PII) of numerous employees, including full names, ID numbers, email addresses, phone numbers, taxpayer data, bank details, dates of birth, salaries, parents' names, payslips, job roles, insurance data, contracts, and scanned copies of personal documents such as passports and driver's licences.

It also holds about 15 million entries of job-interview-related information on applicants, which could expose further sensitive details about the affected individuals.

Security experts stressed the seriousness of the incident, noting that it could have been avoided had the company detected and fixed the misconfiguration before anyone with malicious intent found it. They added that incidents of this kind are usually caused by missing access controls and system misconfiguration.

The company was advised to keep the sensitive data behind a protected server that only accepts connections from trusted IP addresses. In response, the firm launched an internal investigation to determine the scope of the problem and corrected the misconfiguration as soon as it learned of it.
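A quick way to check for the condition described above (a Kibana or Elasticsearch instance that serves its data to anyone who connects, with no authentication) is to request each service's status document without credentials and see whether it answers with JSON or with a 401. The following Python script is an added example written for this article; it is not code from Rocket or from the researchers, and the hostnames, paths used as probes and the sample responses at the bottom are constructed for illustration.

```python
"""Probe whether a Kibana or Elasticsearch endpoint answers without credentials.

Added example; not code from the article, from Rocket or from the researchers.
Hostnames and the sample responses at the bottom are constructed.
"""
import json
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass

# Probe path per service and a JSON key that a real, answering instance returns.
# Kibana's status API and Elasticsearch's root document both serve JSON to an
# unauthenticated client when security is disabled; with security enabled the
# same requests get a 401 instead.
PROBES = {
    "kibana": ("/api/status", "status"),
    "elasticsearch": ("/", "cluster_name"),
}


@dataclass
class Response:
    status: int
    body: bytes


def classify(service: str, resp: Response) -> str:
    """Classify a probe response as 'open', 'auth_required' or 'other'.

    'open' means the service served its JSON document to an unauthenticated
    client, which is the condition the article describes.
    """
    if resp.status in (401, 403):
        return "auth_required"
    if resp.status != 200:
        return "other"
    try:
        doc = json.loads(resp.body.decode("utf-8", "replace"))
    except ValueError:
        # A 200 that is not JSON is usually a proxy or login page, not the service.
        return "other"
    if isinstance(doc, dict) and PROBES[service][1] in doc:
        return "open"
    return "other"


def probe(service: str, base_url: str, timeout: float = 5.0) -> str:
    """Fetch the probe path with no credentials and classify the reply."""
    path, _ = PROBES[service]
    req = urllib.request.Request(base_url.rstrip("/") + path)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return classify(service, Response(r.status, r.read()))
    except urllib.error.HTTPError as e:
        # 401/403 and other error statuses arrive here; classify them the same way.
        return classify(service, Response(e.code, e.read()))
    except (urllib.error.URLError, OSError):
        # Refused, filtered or timed out: the port is not reachable from here.
        return "unreachable"


def exposed(results: dict) -> list:
    """Return the targets that answered 'open', i.e. that need immediate remediation."""
    return sorted(url for url, verdict in results.items() if verdict == "open")


# Constructed sample responses (not captured from any real system).
SAMPLE_OPEN_KIBANA = Response(
    200, b'{"name":"kibana","status":{"overall":{"level":"available"}},"version":{"number":"8.5.0"}}')
SAMPLE_LOCKED_KIBANA = Response(
    401, b'{"statusCode":401,"error":"Unauthorized","message":"Unauthorized"}')
SAMPLE_OPEN_ES = Response(
    200, b'{"name":"node-1","cluster_name":"hr-prod","tagline":"You Know, for Search"}')
SAMPLE_PROXY_PAGE = Response(200, b"<html><body>Sign in</body></html>")


if __name__ == "__main__":
    # Usage (hosts are assumptions):
    #   python probe.py kibana http://10.0.0.5:5601 elasticsearch http://10.0.0.6:9200
    args = sys.argv[1:]
    pairs = list(zip(args[::2], args[1::2]))
    results = {url: probe(service, url) for service, url in pairs}
    for url, verdict in results.items():
        print(f"{url}: {verdict}")
    if exposed(results):
        print("EXPOSED:", ", ".join(exposed(results)))
        sys.exit(1)
```

Run it from an untrusted network position as well as from inside the trusted range: the advice above about accepting connections only from trusted IP addresses concerns who can reach the port at all, so a probe from an untrusted address should report `unreachable`, and one from a trusted address should report `auth_required`. An `open` verdict from anywhere means the instance is handing its data to whoever finds it, and the fix is both layers at once: turn authentication on (`xpack.security.enabled: true` in elasticsearch.yml, which Kibana then honours) and stop the service listening on a public address (`server.host` in kibana.yml, plus a firewall rule for the trusted range).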

Nevertheless, anyone holding a Rocket account should watch closely for suspicious activity, such as phishing or fraud attempts that make use of the exposed information.
