Ladders Data Leak: Over 13M User Records Exposed Due To Cloud Misconfiguration

Popular job recruitment website Ladders, reportedly accidentally exposed over 13 million user records. The data leaked contained information such as users' names, addresses, email addresses, phone numbers, employment histories, and more. The exposed records also contained users' detailed employment descriptions, such as previous jobs, current salaries, and the desired industry in which they are hunting for jobs.

The data was stored in an Amazon Web Services (AWS)-hosted Elasticsearch database without any password protection, Techcrunch reported. The lack of password protection would have allowed anyone to access the database, which reportedly contained several years' worth of data. The leaked information also included the data of around 379,000 recruiters' personal data.

The leaky database was discovered by Sanyam Jain, a member of the non-profit organization GDI Foundation, Techcrunch reported. The data leak was confirmed by Ladders' founder and CEO Marc Cenedella.

“AWS confirms that our AWS Managed Elastic Search is secure, and is only accessible by Ladders employees at indicated IP addresses. We will look into this potential theft, and would appreciate your assistance in doing so,” Cenedella said in a statement, Techcrunch reported.

Data leaks caused due to cloud misconfiguration have become increasingly common over the past few years. Such leaks have led to the exposure of millions of users' personal and sensitive information. In most cases, such data leaks are caused due to human error – forgetting to add a password to protect the cloud-based database.

It is unclear whether the data exposed by Ladders was accessed by any unauthorized parties. It is also unknown as to how long the data was exposed before it was discovered by Jain. Techcrunch reported that the database was taken offline within an hour of it being reported to Ladders.