Disclosures:
Our Reviews

WizCase includes reviews written by our experts. They evaluate the products/services in accordance with their professional standards.

Ownership

WizCase is a leading cybersecurity review website with a team of experts experienced in testing and evaluating VPNs, antiviruses, password managers, parental controls, and software tools. Our reviews are available in 29 languages, making them accessible to a broad audience since 2018. To further support our readers in their pursuit of online security, we've partnered with Kape Technologies PLC, which owns popular products like ExpressVPN, CyberGhost, ZenMate, Private Internet Access, and Intego, all of which may be reviewed on our website.

Referral fees

Wizcase contains reviews that were written by our experts and follow the strict reviewing standards, including ethical standards, that we have adopted. Such standards require that each review will be based on an independent, honest and professional examination of the reviewer. That being said, we may earn a commission when a user completes an action using our links, which will however not affect the review but might affect the rankings. The latter are determined on the basis of customer satisfaction of previous sales and compensation received.

Reviews standards

The reviews published on Wizcase are written by experts that examine the products according to our strict reviewing standards. Such standards ensure that each review is based on the independent, professional and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings we publish may take into consideration the affiliate commissions we earn for purchases through links on our website.

Indian HR Portal Exposed Personal Data of Over 9 Million People Including Employees and Job Applicants

Indian HR Portal Exposed Personal Data of Over 9 Million People Including Employees and Job Applicants

Ari Denial
Published by Ari Denial on January 25, 2023

The website myrocket.co has accidentally released private information about thousands of employees and millions of job candidates without them knowing.

A publicly accessible database has been discovered with over 260GB of sensitive personal information owned by the Indian HR service and recruitment solution company, myrocket.co.

The data includes information that could identify a person, like full name, parents’ names, phone numbers, bank account details, date of birth, salary, salary slip, tax information, and photocopies of driving license and voter ID. It is estimated that nearly 2,00,000 employees and almost 9 million job candidates were affected.

The researchers informed the officials to be careful as this type of data leak might help hackers set up phishing campaigns to steal money or identities. The company said the issue was caused by a mistake and fixed it when they found out.

“The discovered database was not protected by authentication. The security loophole resulted in millions of private documents being revealed to the public. Worryingly, it also allowed threat actors to modify the data, changing salary amounts and details of bank accounts used for salary payments,” the research team said.

“We found about 435,000 payslips, 300 tax filings, 3,800 insurance payment documents, and 21,000 salary sheets belonging to various companies using the HR platform’s services,” they added.

Since the exposed data includes hashed names and contact information in plain text format, the researchers suggested that people who have worked for the company or used myrocket.co should assume their information has been exposed and take appropriate action.

According to Myrocket officials, “Rocket was recently acquired [Dutch-owned OLX bought it back in 2019], and enforcement of parent company standards is in progress, along with architectural corrections. The parent company follows the highest levels of data safety standards, with its tech teams conducting vulnerability assessments with every release and periodically monthly.”

The company has started an internal investigation and scheduled a vulnerability assessment and penetration testing (VAPT test) to ensure user data safety.

Did you like this article? Rate it!
I hated it I don't really like it It was ok Pretty good! Loved it!
0 Voted by 0 users
Title
Comment
Thanks for your feedback