160K resumes on Chinese recruitment site allegedly leaked by staff

Former employees of the Zhilian recruitment site confess to exposing 160K personal resumes

Former staff from a Chinese recruitment site allegedly helped to expose accounts of 160 000 members. Resumes leaked for 70 US cents apiece.

Employees from the Zhilian Recruitment seem to be involved in reselling personal information from the website: 160K personal resumes leaked for 70 cents for one piece. The evidence has been released at a Beijing trial, according to the report^[1] that came after the official Zhilian statement^[2] apologizing for the troubles caused and claiming to strengthen the management and security technology of the services.

According to the trial, two former employees illegally helped another person with a surname Zheng steal numerous records. Additionally, corporate member accounts on the website were later been used to trade them for around 5 yuan (70 US cents). This was considered as a violation of the company's rules.

Having in mind that the Chinese job recruitment site reached monthly active users of 6.8 million back in January, this year, Zhilian becomes the second largest online recruiting platform in China.^[3] Unfortunately, this activity only exposes the site and makes it a bigger target of malicious actors and other scammers.

The case of reselling resumes from the recruitment site

The company reported this data exposure case to the police back in June 2018 when it came to their knowledge that some information had been traded on Taobao e-commerce website. Zhilian also reports that two staff members responsible for this incident were arrested from the Shanghai bureau in August.

Since then, the company added more resources to various departments and examined activities within the company to correct occurred issues. Information security upgrades, third-party fraud information database, and other online customer security risk assessment systems added.

In their statement, Zhilian Recruitment also claims to audit all corporate accounts that posted jobs on the websites to find any unusual activities and to possibly stop any potential leaks. The network security incidents are common, and the company says that they will up their employee education on the internet and information security crime to maintain the healthy development of the job recruitment industry.

Data leaks in China already exposed millions of customer data

Chinese police have already investigated incidents regarding exposed and leaked data. From firms exposing resumes of people to huge companies leaking customers' personal details, China has been mentioned in media for all the worst reasons.

Only a month ago reports surfaced media outlets about a database belonging to Shanghai Jiao Tong University that leaked more than 8.4 TB of data. We have also reported about the incident of Huazhu Hotel group that exposed millions of customers data back in 2018.^[4] The personal information that was stolen contained full names, phone numbers, and dates of birth.

Chinese companies alone have leaked almost 600 million pieces of customer data throughout the years. Poorly secured databases, servers, and unexpected firewall errors result in data exposed online without any protection, making sensitive details accessible to anyone. Unfortunately, popular ElasticSearch or MongoDB databases were involved in more data breaches all over the world.^[5]