AIESEC, which is a non-governmental organization that provides young people with resources to help them jumpstart their careers, had their Elasticsearch server breached. The leak of information exposed four million intern applications that had email addresses, full names, dates of birth, gender, applicants’ reasons for applying, and details of their interviews. Users who could possibly be affected, as well as the GDPR authorities have both been contacted. AIESEC also released a statement, “We take the security of our customers’ information extremely seriously. After looking into this matter, we immediately secured the vulnerability, disabling unauthorized access to the cluster. The data was cached on the node for testing purposes and mistakenly left unsecured. We can confirm that the server now contains no sensitive information.” They claim the vulnerability stems from tweaks they are making in an infrastructure improvement project.
Analyst Notes
Due to email addresses being exposed users should be on the lookout for phishing and spam emails. Attempts to use the identity of exposed users could also be seen. Users should ask AIESEC questions about how they can help protect their data further.
