Daily News

View All News

China – HR firms have leaked hundreds of millions of CVs in first three months of 2019, study finds

05 April 2019

An analysis by ZDNet found that Chinese HR-focused firms have leaked 590 million CVs in the first three months of the year.

Security researchers then discovered that Chinese HR firms had leaked customer details which included salary details, career and education history, skill set and training information.

“Over the past few months, and especially over the last few weeks, ZDNet has received several tips about exposed servers that --when investigated-- belonged to Chinese HR-focused companies,” ZDNet stated. “From tiny firms exposing a handful of CVs to professional executive head-hunting firms, they've all leaked their customers' details, in one form or another.”

ZDNet said that 590,497,000 CVs have leaked from Chinese companies over the past three months, adding that it was “a worrying sign that Chinese HR companies are not taking the security of their servers seriously.”

None of the companies were named.

ZDNet added that most of the CV leaks occurred because of poorly secured databases and servers that had been left exposed online without a password or ended up online following unexpected firewall errors.

In a blog post on Tripwire, cybersecurity researcher Graham Clueley said that while networking sites such as LinkedIn features employment information and details about career and education history, the information that was leaked was much more personal than information that one could find online.

“Some may think that to have half a billion resumes accessible via the public internet isn’t that much of a problem. After all, LinkedIn claims to have 590 million users itself, many of whom will have shared details of their work and education history.

“The difference is, of course, that resumes shared with recruitment agencies and head hunters contain much more personal information than that which you’re likely to share with a site like LinkedIn,” Clueley said.

“The rate at which Chinese HR firms and Chinese job portals are leaking these CVs shows both a disregard for user privacy, but also a bad security posture on the behalf of these companies,” ZDNet stated.


Add New Comment

Post comment

NOTE: Links will not be clickable.