The employment website Ladders exposed almost 14 million user records when it left an Amazon Elasticsearch database unprotected.
Security researcher Sanyam Jain found the open server and informed TechCrunch of the situation. After Ladders was informed of the issue the server was quickly taken down the issue is being addressed.
The information that was exposed was similar to what would be found on a resume, including names, addresses, email addresses, phone numbers, and past employment histories.
“The Ladder’s database offered a tremendous economic reward for attackers because it contained years’ worth of valuable data. It is important that companies remove the economic incentive for cybercriminals to attack them by proactively guarding their attack surface and making it too expensive for a cybercriminal to invest the time and resources to breach it,” said Kevin Gosschalk, CEO and co-founder of Arkose Labs.