Ladders, one of the most popular job recruitment sites in the U.S., learned of a cyber attack that left an Amazon-hosted Elasticsearch database exposed without a password, allowing anyone to access the data.
Each record included names, email addresses and employment histories, such as employer and job title.
The user profiles also contain information about the industry they’re seeking a job in and their current compensation in U.S. dollars.
More than 379,000 recruiters’ information was also exposed, though the data wasn’t as sensitive.
TPRM report: https://scoringcyber.rankiteo.com/company/ladders
"id": "lad14620323",
"linkid": "ladders",
"type": "Data Leak",
"date": "05/2019",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': ['Users', '379,000 Recruiters'],
                        'industry': 'Job Recruitment',
                        'location': 'U.S.',
                        'name': 'Ladders',
                        'type': 'Company'}],
 'attack_vector': 'Unsecured Database',
 'data_breach': {'personally_identifiable_information': ['Names',
                                                         'Email Addresses'],
                 'sensitivity_of_data': 'Medium',
                 'type_of_data_compromised': ['Personal Information',
                                              'Employment Information',
                                              'Compensation Information']},
 'description': 'Ladders, one of the most popular job recruitment sites in the '
                'U.S., experienced a data breach where an Amazon-hosted '
                'Elasticsearch database was exposed without a password, '
                'allowing unauthorized access to user data.',
 'impact': {'data_compromised': ['Names',
                                 'Email Addresses',
                                 'Employment Histories',
                                 'Industry Seeking Job In',
                                 'Current Compensation'],
            'systems_affected': ['Amazon-hosted Elasticsearch Database']},
 'title': 'Ladders Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Exposed Elasticsearch Database without Password'}