Chinese hackers steal data of nearly half of Taiwan's workforce

Chinese hackers suspected of breaking into Taiwanese online job banks over Mid-Autumn Festival

(Getty Images)

(Getty Images)

TAIPEI (Taiwan News) — Chinese hackers allegedly stole personal data from millions of users of popular job sites in Taiwan and began selling the information on the dark web over the Mid-Autumn Festival holiday.

National security officials were cited on Sunday (Oct. 4) by Liberty Times as saying that Chinese hackers broke into a popular Taiwanese job bank and stole the personal data of over 5.92 million job applicants just before the start of the Mid-Autumn Festival. Starting on Oct. 1, the official start of the national holiday, data was being offered up for sale in a trading forum on the dark web.

According to the officials, after carrying out in-depth patrols for illegal transactions on the internet, they happened upon an account named "rootkit" that was selling sets of personal data on the dark web for between US$500 and US$1,000 each. The details of the leaked information include the job applicants' ID number, name, date of birth, mobile phone, email, and home address.

The 5,924,397 victims reportedly ranged in age between 20 and 58 years. Based on an analysis of the data breached, investigators believe that the information was released from Taiwan's largest job bank, which at over 5.9 million users, accounts for nearly half of Taiwan's workforce of 12 million.

The attack took place just before the start of China's "Golden Week," which combines both the Mid-Autumn Festival and the founding of the communist regime on Oct. 1. Investigators are uncertain whether the hackers considered the holidays to be a vulnerable period to make a quick profit or were motivated by propaganda purposes related to the Chinese Communist Party (CCP).

On Monday (Oct. 5), Taiwan's largest online job-hunting website 104 Job Bank issued a statement claiming that the data leaked from its website was old data hacked in 2013, according to CNA. As for the total amount of personal records leaked, it is still carrying out an investigation.

The job site emphasized that information security is a neverending process. The company claimed that in recent years, it has deployed and implemented a number of information security protection technologies, including source code detection, vulnerability scanning, penetration testing, data loss detection, defense against endpoint attacks, intrusion detection and prevention, log analysis, and network and website application firewalls.

The job bank then pledged that in the future it will continue to strengthen the construction of information security to protect the personal information of users. If job seekers still have concerns about their personal data, the company recommends they consult with 104 Job Bank customer service staff at (886) 02-29-126-104.

Meanwhile, netizens on the popular online message board PTT claimed that Taiwan's other major job-seeking site, 1111 Job Bank, was also hacked and the personal data of 3.35 million users was stolen. In response, 1111 Job Bank said that the case is under investigation and it does not wish to make any public comments on the matter at this time, reported ETtoday.

PTT users claimed that the data leaked from 1111 Job Bank was even more detailed than what had been pilfered from 104 Job Bank and came from 2019 archives. The data allegedly leaked from 1111 Job Bank included ID number, name, gender, date of birth, height, weight, blood type, phone number, mobile phone number, e-mail, street address, education, resume, and other personal information.