The employment website Ladders exposed almost 14 million
user records when it left an Amazon Elasticsearch database unprotected.
Security researcher Sanyam Jain found the open server and informed TechCrunch of the situation. After Ladders was informed the server was quickly taken down and AWS confirmed to TechCrunch that the server was exposed and it would investigate what transpired.
The information that was exposed was similar to what would be found on a resume, including names, addresses, email addresses, phone numbers and past employment histories.
“The Ladder’s database offered a tremendous economic reward
for attackers because it contained years’ worth of valuable data. It is
important that companies remove the economic incentive for cybercriminals to
attack them by proactively guarding their attack surface and making it too
expensive for a cybercriminal to invest the time and resources to breach it,”
said Kevin Gosschalk, CEO and co-founder of Arkose Labs.
Gloss