Another day, another Indian job site targeted by hackers. This time, the database of Indian job board IIMJobs was leaked on a prominent hacking forum after the website suffered a data breach.
The targeted domain IIMJobs.com is operated by Highorbit Careers which was acquired by InfoEdge in 2019.
According to Hackread.com’s analysis, the database was leaked on November 23rd, 2020 containing up to 46GB of data belonging to jobseekers and recruiters registered with IIMJobs.
It can be confirmed that approximately 1.4 million registered users of the website have been affected by the data breach.
The leaked data includes sensitive personal information such as names, email addresses, phone numbers, geographic location, occupation/industry of work, and their LinkedIn profiles links.
What’s worse for the affected users is that the parsed version of the database containing email addresses and password hashes in the MD5 algorithm is now being circulated on the Russian hacker forum as well.
It is worth noting that MD5 hashes are easy to crack therefore if you are an IIMJobs user change your password right now.
Hackread.com’s analysis also indicates that the leaked data is not too old as a majority of it was from last year, some of the information dating back to January 2019. This includes the exact location of the users, including longitude and latitude, and encrypted passwords.
Rajaharia stated that the passwords are encrypted using the MD5 message-digest algorithm. It is an outdated method of data encryption, and any hacker can decrypt it easily.