Job recruitment site Ladders exposed 13 million user profiles

TechCrunch | 5/1/2019 | Staff
tiazanne (Posted by) Level 3
Click For Photo: https://techcrunch.com/wp-content/uploads/2019/05/GettyImages-172912683.jpg?w=598

Ladders, one of the most popular job recruitment sites in the U.S. specializing in high-end jobs, has exposed more than 13.7 million user records, following a security lapse.

The New York-based company left an Amazon -hosted Elasticsearch database exposed without a password, allowing anyone to access the data. Sanyam Jain, a security researcher and a member of the GDI Foundation, a non-profit aimed at securing exposed or leaking data, found the database and reported the findings to TechCrunch in an effort to secure the data.

Hour - TechCrunch - Ladders - Database - Offline

Within an hour of TechCrunch reaching out, Ladders had pulled the database offline.

Marc Cenedella, chief executive, confirmed the exposure in a brief statement. “AWS confirms that our AWS Managed Elastic Search is secure, and is only accessible by Ladders employees at indicated IP addresses. We will look into this potential theft, and would appreciate your assistance in doing so,” he said.

TechCrunch - Data - Dozen - Users - Site

TechCrunch verified the data by reaching out to more than a dozen users of the site. Several confirmed their data matched their Ladders profile. One user who responded said they are “not using the site anymore”...
(Excerpt) Read more at: TechCrunch
Wake Up To Breaking News!
Sign In or Register to comment.

Welcome to Long Room!

Where The World Finds Its News!