Indian HR Portal Exposed Personal Data of Over 9 Million People Including Employees and Job Applicants - 1

Indian HR Portal Exposed Personal Data of Over 9 Million People Including Employees and Job Applicants

  • Written by Ari Denial Cybersecurity & Tech Writer

The website myrocket.co has accidentally released private information about thousands of employees and millions of job candidates without them knowing.

A publicly accessible database has been discovered with over 260GB of sensitive personal information owned by the Indian HR service and recruitment solution company, myrocket.co.

The data includes information that could identify a person, like full name, parents’ names, phone numbers, bank account details, date of birth, salary, salary slip, tax information, and photocopies of driving license and voter ID. It is estimated that nearly 2,00,000 employees and almost 9 million job candidates were affected.

The researchers informed the officials to be careful as this type of data leak might help hackers set up phishing campaigns to steal money or identities. The company said the issue was caused by a mistake and fixed it when they found out.

“The discovered database was not protected by authentication. The security loophole resulted in millions of private documents being revealed to the public. Worryingly, it also allowed threat actors to modify the data, changing salary amounts and details of bank accounts used for salary payments,” the research team said.

“We found about 435,000 payslips, 300 tax filings, 3,800 insurance payment documents, and 21,000 salary sheets belonging to various companies using the HR platform’s services,” they added.

Since the exposed data includes hashed names and contact information in plain text format, the researchers suggested that people who have worked for the company or used myrocket.co should assume their information has been exposed and take appropriate action.

According to Myrocket officials, “Rocket was recently acquired [Dutch-owned OLX bought it back in 2019], and enforcement of parent company standards is in progress, along with architectural corrections. The parent company follows the highest levels of data safety standards, with its tech teams conducting vulnerability assessments with every release and periodically monthly.”

The company has started an internal investigation and scheduled a vulnerability assessment and penetration testing (VAPT test) to ensure user data safety.

New Dark Pink APT Group Attacks the Government Bodies and Militaries in Asia-Pacific - 2

New Dark Pink APT Group Attacks the Government Bodies and Militaries in Asia-Pacific

  • Written by Ari Denial Cybersecurity & Tech Writer

Dark Pink is an advanced persistent threat (APT) group that uses spear phishing techniques to target various entities across Asia-Pacific and Europe.

Between June and December 2022, a group called Dark Pink launched numerous APTs. There were attacks against a number of Asian countries, including Vietnam, Cambodia, Indonesia, the Philippines, and Malaysia. Bosnia and Herzegovina, a country in Europe, was also attacked.

“Group-IB’s early research into Dark Pink has revealed that these threat actors are leveraging a new set of tactics, techniques, and procedures rarely utilized by previously known APT groups. They leverage a custom toolkit, featuring TelePowerBot, KamiKakaBot, and Cucky and Ctealer information stealers (all names dubbed by Group-IB) with the aim of stealing confidential documentation held on the networks of government and military organizations,” said a Group-IB Malware Analyst .

According to reports, the initial vector of Dark Pink’s attacks was spear phishing campaigns, where the operators would impersonate job applicants. Dark Pink can also infect USB devices connected to infected computers. Additionally, it has the ability to access the messengers installed on compromised computers.

The security team informed that the threat actors had also created PowerShell scripts to communicate between victims and their infrastructure, and they used Telegram API to communicate with infected infrastructure.

“Countries of the Asia-Pacific region have long been the target of advanced persistent threat (APT) groups. Earlier Group-IB research found that this region has often been a “key arena” of APT activity, and a mixture of nation-state threat actors from China, North Korea, Iran, and Pakistan have been tied to a wave of attacks in the region. More often than not, the primary motive for APT attacks in the Asia-Pacific (APAC) region is not financial gain, but rather espionage,” Group-IB officials figured out.

In their research report (published on January 2023), the Group-IB security analysts informed that the Dark Pink APT group and the threats are still active. The officials are investing the issue further to determine its scope. They suggested organizations take the precautions mentioned below to prevent hacking:

  • Use business email protection tools .
  • Introduce a cybersecurity culture in the workspace.
  • Limit file-sharing access to confidential resources.
  • Only use trustworthy tools with good reputations to get things done.