Indian Job Portal Talanton AI Exposed 1.6 Million Records Of Its Users With Sensitive Information
The Indian job portal Talanton accidentally exposed a large volume of job seekers' and employers' data publicly: more than 1 million records of users from around the world.
Talanton AI Exposed Job Seekers Data
A researcher from SafetyDetectives has discovered another data leakage incident affecting over a million users. The researcher, Anurag Sen, found that an unsecured database belonging to the Indian job site Talanton AI exposed roughly 1.6 million records pertaining to job seekers worldwide.
Reportedly, the researcher found a publicly accessible Elastic server containing 3GB of data that included individuals' personal information. The database contained about 1.6 million records belonging to both employers and job seekers worldwide.
As stated in the blog post,
"Many countries are represented in this exposure of professionals' personal information, including the USA, India, Israel, UK, France, multiple additional European countries, Australia, UAE, Singapore, and Hong Kong, just to name a few."
More troubling, the database also exposed direct contact information of sensitive personnel, such as CISOs and CEOs. It also leaked data belonging to high-ranking government officers, such as the CTO of the Australian Government, and included information related to security agencies, including the FBI.
"They were represented by the data of an FBI Domestic Security Alliance Council member as well."
Specifically, the database leaked users' PII, such as titles, locations, gender, nationality, direct contact numbers, email addresses, current employers, expected salary, and job-seeking status, alongside other private information.
Moreover, it also contained more than 50,000 encrypted passwords.
For employers, the database exposed similar details, such as direct email addresses, contact numbers, offered salaries for various positions, and locations, even the undisclosed ones.
Who Fixed This Matter?
Tata Communications Fixed This Matter
Given the sensitivity of the information exposed in this incident, the researchers expressed concern about the dangers associated with it. Had any bad actor accessed the data, it could have enabled various malicious activities, from extortion and bribery to phishing and identity theft.
The researcher discovered the exposed database on May 30, 2019, and suspects the server remained accessible between May 17, 2019, and June 15, 2019. With a little digging, they were able to link the server to Talanton AI. However, after reporting the matter, they didn't hear back from the database owner. They then contacted the server hosting firm, Tata Communications, which closed the server.