>>
Technology>>
Cyber security>>
Ladders, the job recruitment w...Ladders, the job recruitment site in the United States has inadvertently left a database unsecured, revealing the details of more than 13 million users. Although this is not the work of hackers, such a lapse in security indicates serious negligence of protocol. The company operated an AWS Elasticsearch database which was apparently left unsecured without a password, allowing access to just about anyone who knew where to look. Security researchers from the GDI Foundation were the first to find the exposed database and report it.
Ladders took the database offline shortly after news about the leak surfaced. The company later gave confirmation about having secured the data and also mentioned that it was investigating any possibilities of data theft.
The database in question contained comprehensive professional as well as personal information of its users. Each of the user records contained names, email addresses, employment history, previously held job titles, types of jobs preferred and even currently earned salaries. While all of this points to user resumes, the unprotected database also contained phone numbers, physical addresses, and even current working locations. Several users also had their years’ worth of professional information out in the open. Furthermore, the leak also exposed the information of hundreds of thousands of recruiters.
Such lapses in security are a major cause for concern at a time when personal data can be misused for numerous purposes.