Attack on Job Portal Compromises Data

Not Yet Clear How Hackers Accessed Naukri.com Database

Hackers have reportedly compromised over one lakh resumes uploaded on Naukri.com, an India-based job portal. A preliminary investigation has revealed that the IP address of the laptop used for the hacking was from Nigeria, according to the Deccan Herald.

Although there has been no official confirmation about how the data was breached, it appears the attackers had access to the file server where the resumes were stored.

Naukri.com did not immediately reply to Information Security Media Group's request for comment.

Based on the information within the resumes, the hackers may be able to launch further attacks on individuals whose data was compromised.

"The data in the resumes can be used by attackers to launch various phishing and fraudulent attacks on the users," says Pradeep Menon, chief officer at Lakshya Cyber Security Labs. "Since job calls from dream companies are aspirational in nature, the user's gullibility would be exploited by the attackers."

Detecting the Breach

The incident came to light after Klaus IT Solutions, an IT firm that manages Naukri.com's server, registered a complaint with cyber police, according to the Deccan Herald report. Officials from the cybercrime cell then wrote a letter to Naukri.com seeking details of the hack, the report notes.

Klaus IT Solutions representatives stated in their complaint that Naukri.com had outsourced the maintenance of its server to the company and that this was the first time the server had been hacked, the news report says.

The cyber cell department of Bangalore did not immediately reply to a request for comment.

Modus Operandi

Security experts are weighing in with theories on what led to the data breach.

"It could be a typical case of web application vulnerability. ... It could also be a case of unpatched operating system," says the CISO of a global bank, who asked not to be named.

"Some of the common ways to access a database are through SQL injection, which indicates a vulnerability on the way the software is written," says Sandesh Anand, a security consultant with a global electronic automation company. "There is also a possibility of leakage of authentication information of the database, which indicates a weakness in the way the database was configured or there could be issues with weak access control mechanisms."

In fact, some security experts don't rule out the possibility that the hackers took advantage of a vulnerability listed by OWASP, such as cross-site scripting, a kind of attack in which malicious scripts are injected into trusted websites. These scripts can even rewrite the content of the HTML page.

Naukri.com should immediately perform a root cause analysis into how this breach occurred and then fix the vulnerability, security experts stress.

"Once the immediate incident is contained, they should focus on building security into their SDLC [software development lifecycle]. This is best done by having a sanctioned information security group within the organization," Anand says.


About the Author

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed to Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.



