Edition "Businessman”Reported that a database was found in the network that allegedly contained information about 500,000 users of the portal for job search Job in Moscow (jobinmoscow.ru). The database contains not only publicly available data about applicants, but also logins and passwords from accounts. According to official statistics, on November 27, 2019, jobinmoscow.ru posted more than 566,000 vacancies from 209,000 companies, as well as more than 195,000 resumes.
The leak was reported to journalists by the founder and technical director of DeviceLock Ashot Hovhannisyan. The publication reports that some of the logins and passwords from the database were relevant: when you enter some of them, you can go to the user’s pages, but after the journalists notified the representatives of the portal, access was denied.
Representatives of Forex Consulting LLC, which owns the job site, said that a quick analysis of the situation did not reveal any violations of the law on their part, and the company’s specialists are already “analyzing any possible threats to the site’s technical security and taking the necessary steps to prevent unlawful use of the site. "
Group-IB experts, whom reporters asked for comments, noted that if passwords were found in the database, it means that they were most likely stored in clear text. And this indicates a weak security of the authorization process.
Kaspersky Lab experts, in turn, warned that attackers can use someone else’s logged-in data to attempt to penetrate other sites and services, for example, into accounts on social networks or mail. Also, data may enter the fake job market. In such cases, scammers tell the candidate that he is almost hired, but you need to pay for something, for example, for processing documents or work clothes. Of course, after receiving the money, they disappear. Also, attackers can offer “guaranteed” employment for money, which also, in the end, turns out to be a hoax.
The competitors did not see a big problem in what happened. Such a leak is unpleasant, but does not pose significant threats to users, says Alexey Zakharov, founder of SuperJob. According to him, jobinmoscow.ru is not one of the largest market participants, and passwords from it are "hardly interesting to anyone."