Catalin Cimpanu reports:
Chinese companies have leaked a whopping 590 million resumes in the first three months of the year, ZDNet has learned from multiple security researchers.
Most of the resume leaks have occurred because of poorly secured MongoDB databases and ElasticSearch servers that have been left exposed online without a password, or have ended up online following unexpected firewall errors.
Read more on ZDNet.
Graham Cluley comments on this situation on TripWire.
So…. will half a billion people get individually notified by these Chinese firms? I’ve tried to understand China’s legal framework for notification in the event of a leak or vulnerability, but I still can’t predict with any confidence whether notification will be required — or made — in this case.