
Darwinbox data leak: Cyberx9 finds weaknesses: Rediff Moneynews

Cybersecurity company Cyberx9 reports weaknesses in Darwinbox that could expose employee data. Darwinbox denies a breach and attributes the problem to client-side leaks.

New Delhi, May 1 (PTI) A cybersecurity research company has identified weaknesses in HR-tech start-up Darwinbox that could potentially expose employee data of the company and its customers.

However, Darwinbox denied that the breach originated from its platform and said the problem can instead be attributed to the theft of login information on the client side and data leaks on the dark web.

Darwinbox is backed by marquee investors such as KKR, Peak XV and Lightspeed India, and counts several major companies among its customers, including the Bharti Group, Adani Group, the Tata Group, Yashoda Hospitals, TVS and JSW.

In its report on Tuesday, Cyberx9 said it had discovered weaknesses that could be exploited to expose the complete confidential personally identifiable information (PII) of employees of all companies using Darwinbox, as well as the PII and CVs of applicants on the platform.

“However, the exposed information is not limited to Darwinbox customers' details such as the full names of employees, the telephone numbers and e-mail addresses of employees, the detailed designation and location of employees, photos of applicants who have applied for a job on Darwinbox, and their CVs,” according to the Cyberx9 report.

The report claimed that two weaknesses in the Darwinbox HR application could potentially enable access to the sensitive data of all employees who use the platform. However, Darwinbox has refuted the claim.

Cyberx9 stated that a data endpoint on Darwinbox takes only one value, Data_ID, which is the employee ID of the respective company's employees in the application, in the range 000000-99999. Supplying these values to the endpoint returns a large amount of personal and sensitive employee data.

The cybersecurity company also found leaked login information for an old Darwinbox account opened on Typeform, a platform that suffered a data breach in 2024.

“The leaked login information of the Typeform account of Darwinbox's career team leads to the exposure of sensitive personal information, including the résumés of people who applied for a job at Darwinbox,” said Cyberx9.

The cybersecurity company questioned the IT security procedures at Darwinbox.

“If Darwinbox knew about this leaked login information, why did you not change it to protect the sensitive data of customers, or did you deliberately let the data leak?” Cyberx9 founder and MD Himanshu Pathak asked.

Cyberx9 said that details of the weaknesses in Darwinbox were shared before the report was released, and that the HR technology company acknowledged that the security research company's efforts “contributed sensibly to strengthening the security center of our platform”.

Pathak claimed that the HR-tech platform confirmed the implementation of fixes for the weaknesses reported by Cyberx9 in the Darwinbox system. However, Darwinbox said that, in response to the recent claims by Cyberx9, it carried out a thorough internal examination and confirmed that the breach highlighted in the report did not originate from its platform.

Addressing the first security vulnerability, which could expose the data of companies using its platform, Darwinbox said that the incident described in the report was not a security vulnerability or breach within the Darwinbox system.

“The user's login information was present in previous leaks that are publicly available from breaches, probably based on malware infections on personal devices. Our examination of the report mentioned confirms that the systems of Darwinbox remain safe and secure. No unauthorized access or infrastructure compromise has occurred on the Darwinbox website,” the company said.

In its communication with Cyberx9, the HR technology company also explained that the exposure of the data endpoint highlighted in the report is limited to users who work within the same company, and it agreed that improving the rate limits (information layers that an employee can access) can further improve protection against the risk.
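
The report describes an endpoint keyed only on an employee ID from a small numeric range, and Darwinbox agrees that rate limits would reduce the risk. The following is an added example, not code from Cyberx9, Darwinbox or this article: a log check that flags any authenticated user who requests many distinct Data_ID values in a short window. The log format, endpoint path, user names and thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed access-log format (constructed, not Darwinbox's real format):
#   <ISO timestamp> user=<session user> GET <path>?Data_ID=<digits> <status>
LINE_RE = re.compile(r"^(\S+) user=(\S+) GET \S*[?&]Data_ID=(\d+) \d{3}$")


def find_enumeration(lines, max_distinct=5, window=timedelta(minutes=1)):
    """Return {user: peak distinct Data_ID count} for every user who asked
    for more than max_distinct different records inside a sliding window.
    Denied requests count too, since probing matters even when it fails."""
    recent = defaultdict(deque)  # user -> deque of (timestamp, Data_ID)
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, user, data_id = datetime.fromisoformat(m[1]), m[2], m[3]
        q = recent[user]
        q.append((ts, data_id))
        while ts - q[0][0] > window:  # drop requests older than the window
            q.popleft()
        distinct = len({i for _, i in q})
        if distinct > max_distinct:
            flagged[user] = max(flagged.get(user, 0), distinct)
    return flagged


def sample_log():
    """Constructed sample: alice re-reads one record, bob walks 20 IDs."""
    base = datetime(2025, 1, 1, 9, 0, 0)
    path = "/api/employee"  # hypothetical path
    lines = [
        f"{base.isoformat()} user=alice GET {path}?Data_ID=000123 200",
        f"{(base + timedelta(seconds=30)).isoformat()} user=alice GET {path}?Data_ID=000123 200",
    ]
    for n in range(20):
        ts = (base + timedelta(seconds=2 * n)).isoformat()
        lines.append(f"{ts} user=bob GET {path}?Data_ID={n:06d} 200")
    return lines


if __name__ == "__main__":
    for user, count in find_enumeration(sample_log()).items():
        print(f"{user}: {count} distinct Data_ID values inside one minute")
```

The same per-user counter, enforced at request time instead of computed from logs, is a rate limit on distinct records; it complements a server-side check that the requester is entitled to the record requested.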
