Notification of the recent incident on ITviec.com related to user sign-in process
This is the notification to our users and customers regarding an incident which we encountered recently: a user’s personal data breach incident involving signing in to user accounts on our website itviec.com. As soon as we were aware of the incident, we immediately took steps to investigate and contain the vulnerability that allowed it to occur.
Although we are unaware of any actual misuse of your information, to keep our service secure and in compliance, we are providing public notification to you on this incident, the actions that we took and its latest updates.
What happened and what did we do?
We recently became aware that after signing in, certain users were accidentally able to access another user’s account.
After receiving the notice, we took immediate security steps to contain the incident, including forcing unusual sign-ins to be revoked and closely monitoring the sign-in activity. This way, the user’s information would not be affected if the system detected unusual behavior during the sign-in process. Despite the fact that most users accessed ITviec normally, this action might have caused our system to sign out certain users. We sincerely regret causing some users unpleasant experiences during this time period.
Simultaneously, we engaged outside security experts and conducted a wide scale investigation for several months. As a result, we were able to identify the root cause of this incident and have already resolved it.
In addition, we took the necessary steps to notify the privacy law enforcement authority. We have notified and kept in touch with the affected ITviec users who reported the incident. We have already taken additional security enhancement steps to prevent future happening of this type of incident.
What kind of user data was affected?
Based on what we learned, types of user information that have been accidentally disclosed or accessed by another user are:
- Account information, eg. name, email, excluded password
- User profile information, eg. working history, education, address, phone number, CV files, photos
- Job preference information, eg. subscription list, saved jobs
- Job application history
As a result, the information of the affected user might be accidentally altered by another user without either users’ consent.
Number of affected users
We recognized that fewer than 5 users were affected by this incident.
What you can do
We believe that the same issue will not happen again. However, if you notice unusual behaviors of your account on itviec.com, please inform us immediately via:
Please help us keep track of the issue you encountered by giving us a timeline log description and screenshots (if possible). Our representative will respond within the next 72 hours.
We would like to express our sincere apology for any inconveniences caused. Protecting our users’ information and fostering an environment built on trust remain our top priority. We are consistently committed to enhancing our security enhancements to ensure its safety, so that together we can continue to create a better place for IT people to advance their careers, and to help IT companies find awesome candidates.
Thank you, for your continued trust in us throughout the IT career journeys.
The ITviec team
If you have further detailed questions that need answers, please access the official Questions and Answers about the security incident in this link.