DeviceLock experts discovered a data leak of almost 5 million users in the Russian Federation, presumably from one of the employment portals; the database contains contact information and last names, first and middle names of users, said Ashot Hovhannisyan, founder and technical Director of DeviceLock, a developer of data leakage control systems.
"A set of files was published yesterday (on 22 June), it is likely to be unloaded from the SuperJob portal database. In total, all files contain 5 million lines. Files can be downloaded for free," said he.
According to Hovhannisyan, the files contain last names, first and middle names, gender, date of birth, phone number, email address, city, desired salary level, as well as the name of the mobile operator, region and time zone of users.
The expert noted that the leak could have occurred due to a vulnerability in the database server.
According to Hovhannisyan, the database has a similar volume and format to the data from the SuperJob portal that appeared on specialized forums in early 2017, so not all information may be relevant. "The database does not contain payment data, so it will most likely be used for spam. There may also be attempts to use it for fraudulent actions in the field of recruitment – for example, offers of paid publication or mailing of resumes," added he.
However, the SuperJob service rejected the statement of the founder and technical Director of DeviceLock about the leak of personal information of 5 million of its users.
It is worth noting, according to Hovhannisyan, the information was contained in several Excel files. However, the company said that they store user information in a completely different format. In addition, the service does not record information about operators. A spokesperson suggested that the leak may be related to an external ATS (an applicant tracking system), stressing that information of users is secure.