Exclusive: Data Of 1.4 Mn Registered Users On IIMjobs Allegedly Leaked On Dark Web

Exclusive: Data Of 1.4 Mn Registered Users On IIMjobs Allegedly Leaked On Dark Web

Inc42 has learnt from cybersecurity researcher Rajshekhar Rajaharia that the data, sized 50 GB, was being sold on a dark web marketplace by an anonymous user for as low as INR 370.

The nature of the data that has been leaked is sensitive, as it includes the names, phone numbers, email addresses, exact location of users (latitude and longitude), their industry of work and links to their LinkedIn profiles

The leaked data also includes users’ encrypted passwords. Although, Rajaharia told that the passwords can be easily decrypted

The data of 1.4 Mn registered users on jobs listing website iimjobs.com was allegedly leaked on the dark web on Monday (November 23). 

Inc42 has learnt from cybersecurity researcher Rajshekhar Rajaharia that the data, sized 50 GB, was being sold on a dark web marketplace by an anonymous user for as low as INR 370. 

Screenshots of the breached database accessed by Inc42 indicate that the leaked data is sensitive, as it includes the names, phone numbers, email addresses, exact location of users (latitude and longitude), their industry of work and links to their LinkedIn profiles. 

The leaked data also includes users’ encrypted passwords. However, Rajaharia said that the passwords had been encrypted using the MD5 message-digest algorithm, which is an outdated method of data encryption and can be easily decrypted by hackers today.

“Cybersecurity has moved beyond MD5, which was used only 10-15 years back. Most websites today prefer to use more sophisticated algorithms for data security and encryption,” said Rajaharia.

IIMjobs is an online recruitment platform for middle and senior management positions in India. It claims to have more than 1 Mn registered users and says that it works with 30,000 recruiters from sectors such as banking and finance, consulting, sales and marketing, human resources, information technology and operations, BPO and legal to help them recruit talent. 

IIMjobs was founded by Tarun Matta in 2008. Last year, Info Edge India, a publicly listed online classifieds company which operates popular portals such as Naukri.com, jeevansaathi.com and 99acres.com, acquired Highorbit Careers, the parent entity of iimjobs.com and hirist.com, the latter being a classified website for jobs in the IT industry. The deal was worth INR 81 Cr. 

Inc42 has learnt from Rajaharia that the leaked data is from last year, as the most recent ‘date of registration’ for a user whose data has been leaked in the MySQL database is someday in January 2019, four months before iimjobs was acquired. 

It is apparent that the company has since updated its security procedures, also suggesting that it’s aware of the data leak that has happened. Notably, all registered users on iimjobs, upon keying in their login details on the portal, are required to reset their passwords through a reset link sent to their registered email ids. 

When asked about the data breach, Info Edge said that it is investigating the platform and keeping a close tab on reports, adding that it would take some time to deep dive into the alleged problem.

Cyber Attacks On Indian Platforms

Recent months have seen several Indian companies, such as Google-backed hyperlocal delivery platform Dunzo, online grocery delivery service BigBasket, popular India food manufacturing company and restaurant chain owner Haldirams, Indian edtech platform Edureka, online travel marketplace RailYatri and even the personal website of Prime Minister Narendra Modi suffer cyber attacks, with the data on these websites being subsequently leaked on the dark web, where it was available for purchase. 

In May this year, users’ data from another Info Edge-owned jobs portal Naukri.com had been leaked on the dark web.

Vineet Kumar, the founder of Cyber Peace Foundation (CPF), a think tank of cybersecurity and policy experts, said that with increased digitisation of companies and their processes, data has become the new oil. 

Hence, anti-social elements are drawn to hacking and other sophisticated practices to launch modern-age attacks on people and countries as such. 

“You get good money when you sell users data on the dark web. Hackers discovering vulnerabilities and using SQL injections to pull entire databases remains a common practice for hacking,” Kumar told Inc42

Kumar added that as Indian startups scramble to lure investors and raise growth capital in an intensely competitive market, ensuring the security of users’ data is the last of their concerns. 

“You’ll see a lot of these Indian startup platforms get hacked in the near future. Hackers know that lapses will happen here since cyber hygiene isn’t being maintained by these companies,” he said. 

Government data shows that in 2019 alone, India witnessed 3.94 lakh instances of cybersecurity breaches. In terms of hacking of state and central government websites, Indian Computer Emergency Response Team (CERT-In) data shows that a total of 336 websites belonging to central ministries, departments and state governments were hacked between 2017 and 2019. 

According to Nasscom’s Data Security Council of India (DSCI) report 2019, India witnessed the second-highest number of cyber attacks in the world between 2016 and 2018. This comes at a time when digitisation of the Indian economy is predicted to result in a $435 Bn opportunity by 2025.

You have reached your limit of free stories

want to read the full story?

Unlock This Story & Enjoy All Members-Only Benefits With Inc42 Plus.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
Unlock 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
Unlock 50% OFF
Cancel Anytime
Already A Member?

Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Exclusive: Data Of 1.4 Mn Registered Users On IIMjobs Allegedly Leaked On Dark Web-Inc42 Media

How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Exclusive: Data Of 1.4 Mn Registered Users On IIMjobs Allegedly Leaked On Dark Web-Inc42 Media

Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Exclusive: Data Of 1.4 Mn Registered Users On IIMjobs Allegedly Leaked On Dark Web-Inc42 Media

Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Exclusive: Data Of 1.4 Mn Registered Users On IIMjobs Allegedly Leaked On Dark Web-Inc42 Media
Exclusive: Data Of 1.4 Mn Registered Users On IIMjobs Allegedly Leaked On Dark Web-Inc42 Media

You’re in Good company