Cyber Incident Victim: IIMJobs

On November 23, 2020, a threat actor leaked the database of Indian job portal IIMJobs.com on a prominent hacking forum. The breach exposed approximately 46GB of data containing records for 1.4 million registered users, including both job seekers and recruiters. The compromised information consisted of names, email addresses, phone numbers, geographic location coordinates (longitude and latitude), occupational or industry details, and LinkedIn profile links. Analysis confirmed the leaked data primarily originated from 2019, with some records dating back to January of that year. The attacker additionally circulated a parsed version of the database containing email addresses paired with password hashes encrypted using the MD5 algorithm, a known vulnerable cryptographic method susceptible to rapid decryption. Security researcher Rajaharia verified the use of MD5, emphasizing its outdated nature and ease of compromise by malicious actors. IIMJobs, operated by Highorbit Careers following its 2019 acquisition by InfoEdge, ranked among India's top 700 websites by traffic at the time of the incident.

The exposure of precise geographic coordinates and professional LinkedIn profiles significantly increased risks of targeted phishing, physical security threats, and identity fraud for affected individuals. The inclusion of MD5-hashed passwords, lacking modern salting or robust hashing mechanisms, enabled attackers to potentially decrypt credentials at scale, amplifying credential-stuffing risks across other platforms where users might have reused passwords. The database appeared on Russian-language hacking forums, broadening its accessibility within cybercriminal ecosystems. No public statements from IIMJobs or InfoEdge regarding incident response, containment measures, or user notifications were documented in the available source material at the time of reporting. The breach underscored persistent vulnerabilities in credential storage practices among online platforms handling sensitive user data.