Attack on Job Portal Compromises Data
Not Yet Clear How Hackers Accessed Naukri.com Database
Hackers have reportedly compromised over one lakh resumes uploaded on Naukri.com, an India-based job portal. A preliminary investigation has revealed that the IP address of the laptop used for the hacking was from Nigeria, according to the Deccan Herald.
Although there has been no official confirmation about how the data was breached, it appears the attackers had access to the file server where the resumes were stored.
Naukri.com did not immediately reply to Information Security Media Group's request for comment.
Based on the information within the resumes, the hackers may be able to launch further attacks on individuals whose data was compromised.
"The data in the resumes can be used by attackers to launch various phishing and fraudulent attacks on the users," says Pradeep Menon, chief officer at Lakshya Cyber Security Labs. "Since job calls from dream companies are aspirational in nature, the user's gullibility would be exploited by the attackers."
Detecting the Breach
The incident came to light after Klaus IT Solutions, an IT firm that manages Naukri.com's server, registered a complaint with cyber police, according to the Deccan Herald report. Officials from the cybercrime cell then wrote a letter to Naukri.com seeking details of the hack, the report notes.
Klaus IT Solutions representatives stated in their complaint that Naukri.com had outsourced the work of maintaining their server to the company and the server has been hacked for the first time, the news report says.
The cyber cell department of Bangalore did not immediately reply to a request for comment.
Security experts are weighing in with theories on what led to the data breach.
"It could be a typical case of web application vulnerability. ... It could also be a case of unpatched operating system," says the CISO of a global bank, who asked not to be named.
"Some of the common ways to access a database are through SQL injection, which indicates a vulnerability on the way the software is written," says Sandesh Anand, a security consultant with a global electronic automation company. "There is also a possibility of leakage of authentication information of the database, which indicates a weakness in the way the database was configured or there could be issues with weak access control mechanisms."
In fact, some security experts don't rule out the possibility the hackers took advantage of an OWASP vulnerability, including the use of cross-site scripting, a kind of attack in which malicious scripts are injected into trusted websites. These scripts can even rewrite the content of the HTML page.
Naukri.com should immediately perform a root cause analysis into how this breach occurred and then fix the vulnerability, security experts stress.
"Once the immediate incident is contained, they should focus on building security into their SDLC [software development lifecycle]. This is best done by having a sanctioned information security group within the organization," Anand says.