Some facts of the article are under review. We are in the process of confirming some details in the original report by Cyble.
A report by cybersecurity firm Cyble has found personal data of 29 Mn Indian job seekers on the dark web, available for sale, free of cost.
Cyble in its blog post said that it has identified a sensitive data breach on the darkweb where an “actor” has leaked personal details of 29 Mn job seekers from the various states. “The original leak appears to be from a resume aggregator service collecting data from various known job portals,” it said.
In a zipped file size 2.3 GB, the hacker has written that it had “12 files with details like name, address, email, phone, current employer, salary, field etc.” Cyble is yet to identify the original source of leak, but in the screenshots shared by Cyble, it can be seen that the lists include data from job portals like Naukri, Times Jobs among others.
The development comes after an independent security researcher discovered a database of 9.1 Mn Zoomcar users being sold on the dark web by an anonymous hacker. The database includes sensitive user data like name, email, phone number, IP address and encrypted passwords.
Prior to this, Cyble found that a threat actor was selling Unacademy user database containing 20 Mn accounts for $2,000 on the dark web. However, the company claimed that as per its internal investigations, email data of around 11 Mn users has been compromised as against 22 Mn stated in reports.
Also, Gurugram-based online school management platform Skolaro exposed data belonging to over 50K students studying in around 100 Indian schools, their parents as well as teachers, after storing its database in unsecured servers
Other Indian startups including Chqbook, Ixigo, Justdial, have also faced cybersecurity concerns cases in the past year. The number of data breaches in India has shot up in the past few years. According to MeitY, India witnessed 3.94 Lakh instances of cybersecurity incidents in 2019. This data was reported to and tracked by the Indian Computer Emergency Response Team (CERT-In).
According to Nasscom’s Data Security Council of India (DSCI) report 2019, India witnessed the second-highest number of cyberattacks in the world between 2016 and 2018. This comes at a time when digitisation of the Indian economy is predicted to result in a $435 Bn opportunity by 2025.
Update: May 28, 2020| 10:07 AM
After the story was published, a Naukri spokesperson said, “We have investigated the data and found that the data recovered from the aforementioned file is of jobseekers and dates back to the year 2006 – 2012. Further, we found no proof that the data has been collected from Naukri.com, while the file has been named so.”
Correction Note: June 4, 2020| 21:42
The headline of the story has been altered as we await confirmation on some details in the original article.