What is the issue?
A security researcher named Sanyam Jain uncovered an unprotected Elasticsearch database belonging to a Chinese headhunting firm ‘FMC Consulting’ that has exposed millions of resumes and company data.
What data was compromised?
The leaky database contained resumes, employee and customer records, internal emails, client messages, as well as employees daily tasks and calls they made while contacting clients.
What was the response?
Upon discovery on May 20, 2019, the researcher immediately notified FMC Consulting about the leaky database. However, he did not receive any response.
The researcher then contacted CNCERT/CC to take down the unsecured database. CNCERT/CC responded back after nearly 10 days stating “CNCERT is taking care of this incident”. The database was then secured within a few hours of CNCERT’s response.