On 25th May, researchers from Cyble reported that 2.9 crore Indian jobseekers’ data was exposed on dark web hacking forums, creating panic among registered users of various recruitment platforms. The breached data includes sensitive information such as email addresses, phone numbers, home addresses, work experience, etc. While it is true that a data breach leaked jobseekers’ information, the data posted on the hacking forums as a result of the said breach, dates back to the years 2006-2012.
CloudSEK researchers probed for more information on the breach and the leaked data. They were able to identify users of various hacking forums who are responsible for the recent posts, the content of the leaked files and folders, and most importantly timestamps of the files that confirms the data is outdated.
Among several forums that may have published the same data, we were able to identify two users on separate forums responsible for exposing the data.
Registered user of a Russian hacking forum, “beserious” posted a file that contains 12 different folders with leaked data that includes names, addresses, phone numbers, etc., on 20th May. The user claims that the size of the file is 2.3 GB. The post is accompanied by a Russian text that reads “You must have more than 50 reactions to view hidden content.” This restricted CloudSEK researchers to view the file. The user also declined to share the file.
User registered to a popular marketplace forum posted the file containing the jobseekers’ data along with a sample of the data, and a link to Cyble’s research indicating that the data contained in the files are from the breach mentioned in that specific research by the the US based cyber intelligence firm. The user posted this on 23rd May, 2020.
CloudSEK researchers were denied access to the files that were published on the Russian hacking forum, but were quick to discover the same data for free on the popular dark web trading forum.