Security researcher Sanyam Jain uncovered an unprotected AWS-hosted Elasticsearch database belonging to the job recruitment site ‘Ladders’. Because the database lacked authentication, it exposed the data of almost 13 million job seekers.
What data was involved?
What’s the conclusion?
Upon discovery, the security researcher reported the findings to TechCrunch in order to secure the vulnerable database. TechCrunch notified Ladders about the database, and the job recruitment site immediately responded by taking the database offline.
“AWS confirms that our AWS Managed Elasticsearch is secure, and is only accessible by Ladders employees at indicated IP addresses. We will look into this potential theft, and would appreciate your assistance in doing so,” said Marc Cenedella, Founder and CEO of Ladders.