"HR Platform's Data Leak Turns Into Privacy Nightmare for Employees"

The Cybernews research team uncovered a publicly open database containing 260 GB of sensitive personal data belonging to myrocket[.]co on December 12, 2022. The Human Resources (HR) management platform provides end-to-end recruitment solutions and HR services to businesses in India. It is estimated that almost 200,000 employees and nearly nine million job applicants were compromised by the data breach. Researchers warn that such data leaks are dangerous because they could help threat actors craft phishing attacks, facilitate forgery and identity theft, and trick businesses into making payments. The company stated that a misconfiguration was the cause of the issue and resolved it upon being notified. The discovered database was not protected by authentication. The security flaw exposed millions of confidential documents to the general public. The threat actors were also able to edit the data, altering compensation amounts and bank account information used for salary payments. About 435,000 payslips, 300 tax filings, 3,800 insurance payment records, and 21,000 salary sheets belonging to various organizations using the HR platform's services were discovered by researchers. The database contained sensitive and Personally Identifiable Information (PII) of employees, such as names, taxpayer information, personal identification numbers, emails, phone numbers, bank details, parent names, dates of birth, salaries, payslips, employee roles, insurance and tax information, work contracts, and even photocopies of personal documents. This article continues to discuss the exposure of personal information of employees and job candidates by an HR management platform, the company's response, and how those affected can protect themselves.

Cybernews reports "HR Platform's Data Leak Turns Into Privacy Nightmare for Employees"