etgifford
commented
1 year ago Open swidup opened 1 year ago
etgifford
commented
1 year ago etgifford
commented
1 year ago Myrocket.co, HQ: Bengaluru, Karnataka, India, Emp: 501-1000, NAICS 541612: (provides end-to-end recruitment solutions and HR services to companies in India). Data was for 11,000,000 people: (2,000,000 employees and 9,000,000 candidates): name, phone number, addresses, resumes bank details, parent’s names, date of birth, salary, payslip, tax information, driver’s license, voter ID. Dec 12, 2022, Cybernews research team discovered publicly accessible database.
etgifford
commented
11 months ago UPDATED SUMMARY: Rocket (aka Myrocket.co, RocketApp, Rocket by BetterPlace), HQ: Bengaluru, Karnataka, India, Emp: 1000, NAICS 541612: (provides end-to-end recruitment solutions and HR services to companies in India). On December 12, 2022, the Cybernews research team (cybernews.com) discovered a publicly accessible database with 260GB of sensitive personal data belonging to Rocket. The database contained information for 11,000,000 accounts: (2,000,000 employees and 9,000,000 candidates): name, phone number, addresses, resumes bank details, parent’s names, date of birth, salary, payslip, tax information, driver’s license, voter ID, resumes, and job interview related information. The breach was caused by the misconfiguration of a newly created Kibana (data visualization and exploration tool used for log and time-series analytics, application monitoring, and operational intelligence use cases) instance. The discovered database was not protected by authentication, allowing threat actors to modify the data, changing salary amounts and details of bank accounts used for salary payments. Rocket mitigated the vulnerability after they were notified by Cybernews.
https://www.thehindu.com/sci-tech/technology/hr-portal-myrocketco-data-breach-exposes-information-of-indian-employees-report/article66396467.ece