Last night, HackenProof appear a report advertence that a database absolute resumes of over 200 actor job seekers in China was apparent last month. The leaked info included not just the name and alive acquaintance of people, but also their mobile phone number, email, alliance status, children, politics, height, weight, driver license, and articulacy level as well.

Bob Diachenko, Director of Cyber Risk Research at and bug bounty belvedere HackenProof, found an caught instance of MongoDB absolute these resumes on December 28.

Diachenko found the resumes in the open database search engines Shodan and BinaryEdge. The 854GB database didn’t have any countersign aegis and was open to anyone to read.


Diachenko wasn’t able to analyze who generated the database or who owned it, but a now-defunct GitHub code athenaeum featured a code that used an identical data anatomy to the leaked database. The database independent aching data from assorted Chinese classified websites like However, in a blog post, the website’s agent denied the leak:

We have searched all over the database of us and advised all the other storage, turned out that the sample data is not leaked from us.

It seems that the data is leaked from a third-party who scrape data from many CV websites.

Interestingly, the database was taken down as soon as Diachenko posted about the database on Twitter. Sadly, the MongoDB log showed at least a dozen IP addresses that read the instance before it went off the grid. 

In most instances, it’s easy to acquaintance the owner of the database and secure the info. However, in this instance, since there’s no clear owner of the database, it’s alarming to assume that the leaked data is safe.  

Read next: A super simple guide to using cryptocurrency anonymously