A cybersecurity research firm, VPNOverview, discovered a massive breach on the Indian job search site, Rocket Job. The Rocket Job data breach has exposed the personal information of around 243,607 Rocket users which contains their names, phone numbers, emails, and internal data such as; salaries and hiring trends.
Rocket Job Data Breach: Database Found on Cloud Storage Tools
As per the research firm, the Rocket Job’s insecurely-held database file was found on an open Amazon Web Service (AWS) S3 buck, which is a popular cloud storage tool for companies of all sizes. The data contains 243,607 names and phone numbers belonging to job applicants along with 133,532 email addresses. The company has also accidentally leaked some of its internal data comprising information about salaries and hiring trends for blue-collar and entry-level jobs in India.
The security team’s database analyst, Kat Oran, said; “Although names and phone numbers being leaked might not seem like a big deal, it can affect someone’s privacy and security if the information becomes known by the wrong group of people.” Oran further added; “Stolen data ends up on the dark web quite regularly, and hackers, scammers, and spammers can use it to run much more focused attacks. If they have your name, phone number, email, and a website you’re associated with, it could be much easier for someone to fall for such an attack.”
Job-Seeking Website Fixed the Vulnerability
As soon as Rocket Job was made aware of the issue by the cybersecurity firm, the Job-Seeking website closed the breach on an immediate basis and mitigated the security issue. However, the company hasn’t officially responded to the data breach claims. According to VPNOverview; “We discovered the publicly exposed database backup on August 7th, 2022. Following this, we confirmed that the data belonged to Rocket on August 12th, 2022. We then emailed Rocket to responsibly disclose the issue to them that same day. Again, on the same day, Rocket closed the breach and mitigated the security issue.”