Zack Whittaker reports:
AIESEC, a non-profit that bills itself as the “world’s largest youth-run organization,” exposed more than four million intern applications with personal and sensitive information on a server without a password.
Bob Diachenko, an independent security researcher, found an unprotected Elasticsearch database containing the applications on January 11, a little under a month after the database was first exposed.
The database contained “opportunity applications” contained the applicant’s name, gender, date of birth, and the reasons why the person was applying for the internship, according to Diachenko’s blog post on SecurityDiscovery, shared exclusively with TechCrunch. The database also contains the date and time when an application was rejected.
Read more on TechCrunch.