Indian job portal IIMJobs hacked; database leaked online

According to Alexa traffic analysis, IIMJobs is among the top 700 visited websites in India. Here’s what was leaked and what happened.
Indian job portal IIMJobs hacked; entire database leaked online

 

According to Alexa traffic analysis, IIMJobs is among the top 700 visited websites in India.

Another day, another Indian job site targeted by hackers. This time, the database of Indian job board IIMJobs was leaked on a prominent hacking forum after the website suffered a data breach.

The targeted domain IIMJobs.com is operated by Highorbit Careers which was acquired by InfoEdge in 2019.

According to Hackread.com’s analysis, the database was leaked on November 23rd, 2020 containing up to 46GB of data belonging to jobseekers and recruiters registered with IIMJobs. 

It can be confirmed that approximately 1.4 million registered users of the website have been affected by the data breach.

The leaked data includes sensitive personal information such as names, email addresses, phone numbers, geographic location, occupation/industry of work, and their LinkedIn profiles links.

Indian job portal IIMJobs hacked; entire database leaked online
Screenshot from the hacker forum where the database has been leaked (Image: Hackread.com)

What’s worse for the affected users is that the parsed version of the database containing email addresses and password hashes in the MD5 algorithm is now being circulated on the Russian hacker forum as well. 

It is worth noting that MD5 hashes are easy to crack therefore if you are an IIMJobs user change your password right now.

Hackread.com’s analysis also indicates that the leaked data is not too old as a majority of it was from last year, some of the information dating back to January 2019. This includes the exact location of the users, including longitude and latitude, and encrypted passwords.

Screenshot from the hacker forum where the database has been leaked (Image: Hackread.com)
Parsed data available on a Russian speaking hacker forum – Image: Hackread.com

Rajaharia stated that the passwords are encrypted using the MD5 message-digest algorithm. It is an outdated method of data encryption, and any hacker can decrypt it easily.

 

Did you enjoy reading this article?  Don’t forget to like our page on Facebook and follow us on Twitter

Total
0
Shares
Related Posts