AIESEC, which is a non-governmental organization that provides young people with resources to help them jumpstart their careers, had their Elasticsearch server breached. The leak of information exposed four million intern applications that had email addresses, full names, dates of birth, gender, applicants’ reasons for applying, and details of their interviews. Users who could possibly be affected, as well as the GDPR authorities have both been contacted. AIESEC also released a statement, “We take the security of our customers’ information extremely seriously. After looking into this matter, we immediately secured the vulnerability, disabling unauthorized access to the cluster. The data was cached on the node for testing purposes and mistakenly left unsecured. We can confirm that the server now contains no sensitive information.” They claim the vulnerability stems from tweaks they are making in an infrastructure improvement project.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased