[BreachExchange] Exclusive: Data Of 1.4 Mn Registered Users On IIMjobs Allegedly Leaked On Dark Web

Destry Winant destry at riskbasedsecurity.com
Wed Nov 25 10:48:50 EST 2020 

https://inc42.com/buzz/data-of-1-4-mn-users-on-iimjobs-allegedly-leaked-on-dark-web/

Inc42 has learnt from cybersecurity researcher Rajshekhar Rajaharia
that the data, sized 50 GB, was being sold on a dark web marketplace
by an anonymous user for as low as INR 370.

The nature of the data that has been leaked is sensitive, as it
includes the names, phone numbers, email addresses, exact location of
users (latitude and longitude), their industry of work and links to
their LinkedIn profiles

The leaked data also includes users’ encrypted passwords. Although,
Rajaharia told that the passwords can be easily decrypted

The data of 1.4 Mn registered users on jobs listing website
iimjobs.com was allegedly leaked on the dark web on Monday (November
23).

Inc42 has learnt from cybersecurity researcher Rajshekhar Rajaharia
that the data, sized 50 GB, was being sold on a dark web marketplace
by an anonymous user for as low as INR 370.

Screenshots of the breached database accessed by Inc42 indicate that
the leaked data is sensitive, as it includes the names, phone numbers,
email addresses, exact location of users (latitude and longitude),
their industry of work and links to their LinkedIn profiles.

The leaked data also includes users’ encrypted passwords. However,
Rajaharia said that the passwords had been encrypted using the MD5
message-digest algorithm, which is an outdated method of data
encryption and can be easily decrypted by hackers today.

“Cybersecurity has moved beyond MD5, which was used only 10-15 years
back. Most websites today prefer to use more sophisticated algorithms
for data security and encryption,” said Rajaharia.

IIMjobs is an online recruitment platform for middle and senior
management positions in India. It claims to have more than 1 Mn
registered users and says that it works with 30,000 recruiters from
sectors such as banking and finance, consulting, sales and marketing,
human resources, information technology and operations, BPO and legal
to help them recruit talent.

IIMjobs was founded by Tarun Matta in 2008. Last year, Info Edge
India, a publicly listed online classifieds company which operates
popular portals such as Naukri.com, jeevansaathi.com and 99acres.com,
acquired Highorbit Careers, the parent entity of iimjobs.com and
hirist.com, the latter being a classified website for jobs in the IT
industry. The deal was worth INR 81 Cr.

Inc42 has learnt from Rajaharia that the leaked data is from last
year, as the most recent ‘date of registration’ for a user whose data
has been leaked in the MySQL database is someday in January 2019, four
months before iimjobs was acquired.

It is apparent that the company has since updated its security
procedures, also suggesting that it’s aware of the data leak that has
happened. Notably, all registered users on iimjobs, upon keying in
their login details on the portal, are required to reset their
passwords through a reset link sent to their registered email ids.

When asked about the data breach, Info Edge said that it is
investigating the platform and keeping a close tab on reports, adding
that it would take some time to deep dive into the alleged problem.

Cyber Attacks On Indian Platforms

Recent months have seen several Indian companies, such as
Google-backed hyperlocal delivery platform Dunzo, online grocery
delivery service BigBasket, popular India food manufacturing company
and restaurant chain owner Haldirams, Indian edtech platform Edureka,
online travel marketplace RailYatri and even the personal website of
Prime Minister Narendra Modi suffer cyber attacks, with the data on
these websites being subsequently leaked on the dark web, where it was
available for purchase.

In May this year, users’ data from another Info Edge-owned jobs portal
Naukri.com had been leaked on the dark web.

Vineet Kumar, the founder of Cyber Peace Foundation (CPF), a think
tank of cybersecurity and policy experts, said that with increased
digitisation of companies and their processes, data has become the new
oil.

Hence, anti-social elements are drawn to hacking and other
sophisticated practices to launch modern-age attacks on people and
countries as such.

“You get good money when you sell users data on the dark web. Hackers
discovering vulnerabilities and using SQL injections to pull entire
databases remains a common practice for hacking,” Kumar told Inc42.

Kumar added that as Indian startups scramble to lure investors and
raise growth capital in an intensely competitive market, ensuring the
security of users’ data is the last of their concerns.

“You’ll see a lot of these Indian startup platforms get hacked in the
near future. Hackers know that lapses will happen here since cyber
hygiene isn’t being maintained by these companies,” he said.

Government data shows that in 2019 alone, India witnessed 3.94 lakh
instances of cybersecurity breaches. In terms of hacking of state and
central government websites, Indian Computer Emergency Response Team
(CERT-In) data shows that a total of 336 websites belonging to central
ministries, departments and state governments were hacked between 2017
and 2019.

According to Nasscom’s Data Security Council of India (DSCI) report
2019, India witnessed the second-highest number of cyber attacks in
the world between 2016 and 2018. This comes at a time when
digitisation of the Indian economy is predicted to result in a $435 Bn
opportunity by 2025.

More information about the BreachExchange mailing list