Zhaopin Jobs claims to have 180 million users and regards user information security and privacy protection as its “lifeline”. However, in a QQ group called “58 Zhilian Fans”, the reporter paid a buyer 7 yuan and bought a resume of job applicants on Zhaolian Recruitment. The job applicant’s name, gender, age, photo, contact information, work experience, education experience and other information are all available on the resume.

How were these personal resumes leaked and trafficked in the QQ group? The reporter found that in Zhaolian Recruitment, as long as the corporate account pays to apply for membership, it is possible to download a complete resume containing key information such as name, phone number and email address without limit on the number. The reporter also found that there are people selling corporate accounts of Zhaolian Recruitment. Registration of corporate accounts and fake qualification applications can also be passed. Similar problems do not only occur in Zhaopin recruitment. The reporter found that 51job.com and Liepin.com only need to pay a fee to download the complete resume of job applicants for corporate accounts. There are also management loopholes in corporate accounts.

The police investigation found that criminals obtained resumes through corporate accounts on the one hand; on the other hand, they purchased resumes in bulk through QQ groups. Through this approach, a large amount of personal resume information has continuously flowed into the criminals’ black hands. In recent years, police in various places have cracked many similar cases. In one of the suspect’s hard drives, there are more than 7 million such citizen resumes stored.

Source: CCTV Finance Weibo


By stockin

0 0 vote
Article Rating
Notify of
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
7 months ago

The point I interpret from this news is that in these mainstream recruitment platforms, as long as you have a corporate account or a high-privileged account (to put it bluntly, you can pay more), you can get everything you want. The required resume. In fact, when I was an employer in a company and searched for the person I wanted to hire with our company’s corporate account, I already knew it very clearly. It was also during that period that I successively deleted all my previously registered accounts, including those semi-social accounts like LinkedIn. Many people may just think that the main way for a company to obtain a resume is that someone submits it, and then they see your resume. In fact, many times, companies cannot receive enough satisfactory candidates, and sometimes they are in a hurry to recruit individuals. Today, there is a shortage of individuals. I hope that I can negotiate as soon as possible next week and prepare to take office. At this time, in addition to traditional headhunting, you can also use advanced accounts to search on these platforms. As long as your authority is high enough, you can see enough and detailed resumes. To be honest, when I searched for resumes, I found not only the resumes of many of my classmates, but also the resumes of many old colleagues, old leaders, and even people I knew who were teachers in colleges and universities before, because the mixed circle was relatively small. , I also searched a lot of resumes of new companies I joined later, and people I didn’t know at that time. Moreover, many so-called headhunting companies, even think tank companies, will spend a long time buying the resumes of practitioners in certain fields, and then they will become their own talent pools, which can be contacted or recommended to clients when appropriate. These are learned slowly when recruiting or when dealing with relevant practitioners. Only through these did I know who seemed to not want to change jobs at all, and wanted to work in a company until the same time. In fact, the resume has been active, but it is hidden deeper. It was also during that period that it was revealed that certain companies developed personnel early warning services. Based on the dynamics of these people on the recruitment website, the company was alerted that some employees might be waiting to see new jobs. This is actually not a high-tech. The mainstream circle of a traditional industry is actually very small, especially if there are only a few companies going back and forth in a large area, and there are only so many employees at a certain level and above. The focus is on monitoring. A few hundred people can serve many companies at the same time. Don’t think that the company will pay attention to the dynamics of each employee. It is really affectionate. Most companies only pay attention to the dynamics of people in certain important positions. Of course, there are some people who may not pay attention to this. They refresh their LinkedIn homepages or recruitment websites every day, and update them with new achievements. For fear that people in the circle don’t know, they are always promoting themselves. The most representative one I have seen is an HR of a US-funded company. She put her LinkedIn homepage directly under her mailbox, and marked the type, level and level of the position she was interested in in the most conspicuous position. The salary, and the highlighted font specifically explained what kind of position can you talk to her, and don’t talk to her for any of the following. Anyone who has received this person’s email can see it. So, this is not a problem of personal information loss, but whether the platform has the right to treat the user’s resume as a product at will and sell it everywhere? And in this era when job seekers are generally in a disadvantaged position, do companies have the right to ask job seekers to provide the most detailed resume at will, and then say that they do not meet the requirements, and there is not even an interview, and then it is gone? I have seen a lot of companies, and the applicants must state their hometown, parents’ hometown, and work unit. If they don’t, they are not allowed to come to the interview. All these need to be regulated by the state, otherwise the environment faced by job seekers will continue to deteriorate.

7 months ago

Everyone’s information is exposed at this moment! Submitting resumes through the platform is the only way for most job seekers, including myself. In fact, I realized this problem a few years ago. I remember that when the Legal Department was recruiting legal counsel, HR gave me part of the authority and asked me to find what I thought was appropriate. Then I found that the resume inside could be downloaded casually, regardless of whether it met my needs, as long as Registered company account. It can be said that the information in the resume is very complete and true, because the responsibility for the falsification of the resume is well known to us, so the disclosure of the resume is to disclose all the family information of a person, including But it is not limited to contact information, family member information, home address, education school, work experience, and unit name at a glance. How is this information distributed through what channels? I already talked about it at the 315 party. Many groups are selling such information. There is a market where there is demand. You can buy a detailed resume for 7 yuan, and you can even retrieve the resume accurately. This is a combination of inside and outside the gang. Why is personal information so easy to be collected and traded? One is that electronic communication equipment is extremely powerful now. The other is that the cost is not high, and the law is not responsible for the public, which has caused many people or institutions to unscrupulously disclose and trade. The privacy of others. Such behavior has touched the security and stability of the network and the personal safety and information protection of other individuals. According to Article 12 of the “Supreme People’s Court’s Provisions on Several Issues Concerning the Application of Law in the Trial of Civil Dispute Cases Involving the Use of Information Networks to Infringe Personal Rights and Interests”, network users or network service providers use the network to disclose natural persons’ genetic information, medical records, health examination materials, and crimes. Where personal privacy and other personal information such as records, home addresses, private activities, etc. cause damage to others, and the infringed party requests him to bear the tort liability, the people’s court shall support it. The Interpretation of the Supreme People’s Court and the Supreme People’s Procuratorate on Several Issues Concerning the Application of Law in Handling Criminal Cases of Infringement of Citizens’ Personal Information clearly stipulates the scope of “citizens’ personal information”. The “citizens’ personal information” in the relevant provisions of the Criminal Law refers to electronic or Information recorded by other methods that can identify a specific natural person alone or in combination with other information or reflect the activities of a specific natural person, including name, ID number, communication contact information, address, account password, property status, whereabouts, etc. Article 9 of the judicial interpretation. If a network service provider refuses to perform the information network security management obligations stipulated by laws and administrative regulations, and is ordered to take corrective measures by the supervisory authority but refuses to make corrections, causing the leakage of the user’s citizen personal information and causing serious consequences, it shall In accordance with the provisions of Article 286 of the Criminal Law, convicted and punished for refusing to perform the obligation of information network security management. In summary, there are specific regulations for infringement of personal information in criminal and civil matters. Increase punishment, increase punishment, increase punishment. Unless required by law, no one’s privacy and information space may be touched.

7 months ago

Tell a horror story to everyone. Last year, a netizen came to consult. Her story can let you know how serious the consequences of personal information leakage are. The cause of the incident was an online loan, several thousand dollars, she didn’t tell me the purpose, I guess it was just to buy a new mobile phone. I found an unknown small platform on the Internet, and the other party asked her to sign a contract, sent the other party a photo of her ID, and then asked her to download an app to do personal face recognition verification, the reason is to check the ID The authenticity of. She didn’t have a strong sense of personal risk. It was estimated that she was thinking about mobile phones at the time. If she paid a few thousand dollars next month, she would be paid back. She didn’t think much about these requirements, and accepted everything. Later, the money was paid back, and she thought it would be over. However, the climax came. More than a year later, she received a call from the Industrial and Commercial Bureau of a province thousands of miles away, asking her why she had registered a company with a fictitious office address, and asked her to come to the bureau to explain the situation within a time limit. She was bewildered and at a loss as she listened to the company name on the phone. I helped her check it in the system, and the results shocked me. Guess how many companies she has in some well-known small counties thousands of miles away? More than a dozen! She is the legal representative of most companies, and she has subscribed for a certain percentage of capital contributions in all companies. These companies are small companies with a registered capital of less than 500,000, and they look like a pile of empty shells. She asked me, does this have any adverse effect on me? I took a deep breath and calmed down my emotions and told her that it had a great impact! If these companies have signed a contract and are insolvent, you, as a shareholder, have to pay up their registered capital when they go bankrupt; if the company has a loan that cannot be repaid, you, as the legal representative, may be restricted from high consumption and even affect personal credit; if These companies are factories in the gray industry of value-added tax invoices or funding channels for money laundering, so you may be involved in a criminal case (although it should be fine in the end). After listening to me, she almost cried, and asked me what to do? To be honest, when asked what kind of contract she had signed, she forgot, and asked her the name of the other party’s platform, the app name can’t be remembered, and I don’t know what to do. . . I can only tell her to contact the industrial and commercial authority of the other province first, and complete the accusation procedure, and strive for self-examination and self-correction by the industrial and commercial authorities to remove her name. At the same time, go to the bank to find out the main information of the lending institution, and if necessary, go to the public security to file a case against the other party for violating citizen information. Later, I didn’t know the following, because she never came to me again, and didn’t know if she solved the trouble. But every time I think about it, my back feels cold.

7 months ago

There are two ways for resumes to flow into the black market. The first kind of platform needs to be changed, and the second kind of people have to be careful. The first type: We are pleased to be sold directly to the fake company by the platform. As mentioned in the party, the company downloads the resume directly. This is a loophole. The model of selling resumes on the three major recruitment websites has lasted for more than 20 years. This model is unhealthy, but there is always a stable income. Therefore, it is difficult for the platform itself to have the motivation to change; even for companies, being exposed by 315 is a good thing, which can be used to promote internal corrections. Nowadays, the technology of virtual phone is used very quickly whether it is in taxi, takeaway and other scenes; even in the industry, according to my personal experience, hunting and headhunters on Maimai have contacted me and asked for phone calls. The behavior of the number, because Liepin and Maimai both provide virtual phone services. Liepin will also have a voice before the call is connected: The following is the recruitment phone number provided by Liepin (to the effect, I don’t remember the details). Although the call came, they did not have my number. This model should be popular, and downloading resumes to provide a full set of information is too risky. All platforms should stop this kind of business. In the second way, we delivered a fake post. Do you have this experience? A post was posted, and the resume was read, but no response was given. After a few months, this position is still there, and I have been receiving resumes… If it is a small company position, it is very likely that this is a fake position. Information resale gangs forged corporate identities and posted fake posts to attract users to deliver them, causing resumes to flow to the black market. I have worked as a recruitment platform for a short period of time, and this is really difficult to cure. What the platform can do is to check the scanned copy of the “business license + official seal”. Can this be faked? Absolutely, go to the street to shoot the business license in the store, and then PS. It is difficult for the reviewers of the platform to review it. In 2017, college student Li Wenxing delivered a fake post on the boss, and finally strayed into the MLM group in Jinghai, Tianjin, and died in Tianjin. At that time, the boss could allow users to directly post their posts without reviewing, which led to tragedy. However, there is one thing to say that the online business license review and post-posting model used by most platforms is the most cost-effective. You ask these platforms to go to the company to check before the company releases the job. Is the person posting the job from your company? Stand up and let me have a look. Can’t do it. So imitating the gameplay of the official account, the person posting the post must take a photo with an ID card, not only to review the company, but also to review the person. When we were working as a recruitment platform before, we even thought about connecting to Alipay’s Zhima Credit. But isn’t this all cures for all diseases? Really not, there are really desperate small companies in the market that are willing to make money by lending a recruitment account…You give him 200,000 yuan a year and ask him to register a platform account. Many small and medium-sized enterprises are willing. What to do about this? Maybe you really want to put the typical in jail. In 2019, a heavyweight in the human resources circle was that Qiaoda Technology was killed and a bunch of people were arrested. Thirty-six people from Qiaoda Technology were arrested. The police revealed the “sudden tongue” case. Today, as people are paying more and more attention to personal privacy, neither recruitment companies nor recruitment platforms can get rid of this obligation. Before someone goes to jail, my advice to my classmates is: Don’t send your resume overseas. If you often get interview calls but you look dumbfounded and don’t know which company this company is, then you think I should have voted for this position. Probably you are from overseas investment resume. Haitou has two major drawbacks:

7 months ago

Formulate advance module security technical specifications, establish a ledger system, improve electronic traces, authority management, and electronic stamps. We cannot guarantee that the resumes we deliver will not be sold, but we can try our best to ensure that companies that collect personal information under supervision do not guard themselves and steal them. The phenomenon of guarding and stealing is very common in any industry. This is an inevitable result of the commercial society. Even if we return to the feudal era of emphasizing agriculture and suppressing business, we will not be able to put an end to such a phenomenon. As long as there is interest, there will be capital operation. What the law can do is to structure a system to increase the cost of guarding and stealing. The sales of resumes exposed at the 315 party, as @Sean Ye said, this is only the tip of the iceberg of the huge human resources market. To put it in perspective, it is the tip of the iceberg of the huge gray industrial chain. Where else is personal information needed? For example, online small loans, marriage and dating, banking, mobile games, etc. I don’t know if you have forgotten that the sale of personal information started in the bank, and there was a joke circulating on the Internet. At that time, personal accounts were opened without real names: when opening an account with ICBC, Wang Gong*; when opening an account with Agricultural Bank, Wang Nong*; opening an account with China Construction Bank, Wang Jian*… As long as a scammer calls, I know which one it is. The bank sold its own information. It can be seen that banks that have been under strict supervision in the past can be sold, not to mention unsupervised human resources, marriage and dating, online small loans, mobile games and other industries that require real-name information? What 315 exposed was really just the tip of the iceberg of the huge gray industrial chain. These measures I mentioned, except for the first item, are currently being implemented by major banks. They are fully feasible and operable, and they are also very convenient to supervise. The first module test comes from the requirements of the State Administration of Radio, Film and Television to formulate regulations for mobile games, that is, the real-name verification system must have a special module issued by the public security, and it must not be copied or built privately. Otherwise, the State Administration of Radio, Film and Television will not issue a version for mobile games. number. There are also many game apps with fake version numbers on the market. Many app stores know that this profit is large and will neglect detection. Many people who have been fined and rectified, such as the famous pea pod. The information collected by these mobile games under the guise of real-name verification is an open secret, so if you download a mobile game on a certain platform, it is not recommended to enter the real information first. Try two fake ones, change the name, and change the last few digits. If it passes, congratulations on being able to play for free, and remind you that this game has not been officially approved.

7 months ago

The criminal law has long established this behavior as a crime, and there are still some people willing to take risks for it, indicating that capital does not have to come forward, and naturally there are thugs who are willing to commit their lives. “Criminal Law” Article 253 1 [Crimes of Infringement of Citizens’ Personal Information] violates the country Relevant regulations stipulate that if the circumstances are serious, those who sell or provide citizens’ personal information shall be sentenced to fixed-term imprisonment of not more than three years or criminal detention, together with or a fine; where the circumstances are particularly serious, they shall be sentenced to fixed-term imprisonment of not less than three years but not more than seven years and fined. . Anyone who violates relevant national regulations and sells or provides citizens’ personal information obtained in the course of performing duties or providing services to others shall be severely punished in accordance with the provisions of the preceding paragraph. Whoever steals or illegally obtains citizens’ personal information by other means shall be punished in accordance with the provisions of the first paragraph. If a unit commits the crimes mentioned in the preceding three paragraphs, the unit shall be fined, and the directly responsible persons in charge and other directly responsible persons shall be punished in accordance with the provisions of the respective paragraphs. In the past, the subject of this crime could only be a specific person, but now this restriction has been lifted. But this black industry chain doesn’t seem to care. Instead, it uses its role of controlling market monopoly in a certain field to sell user information in a more concealed way. The ancients have troubles, temporary personnel are fine, and they are promoted and paid.

7 months ago

Many problems in the Internet industry are not at the “legislative” level, but at the “enforcement”. For example, the sudden death of Pinduoduo’s employees was so serious a while ago, what happened? After 10 days, nothing seemed to happen. If Pinduoduo’s illegal overtime behavior is to be rectified, do we have any current laws for reference? Of course there is. Has it been executed? No. The problem of information leakage is the same. Just search for similar cases, which can be called astronomical numbers. It’s not even domestic. Which of the giants like Facebook and Twitter has a clean butt? Even if it’s a bit of a piecemeal, find a few media outlets to write comments and scold them, and then a symbolic fine, but this is not harmful to the company itself, and the company is very optimistic: as long as I am a large taxpayer, I only need to eat on the Internet. The people of melons will always be attracted by new hot spots… “Then I am invincible.” This is not a matter that can be solved by 315 exposure. First of all, whether the market supervision department is determined to fight, from fines to forced suspension of business Arresting people, is it not capped? Secondly, as users, can we expose one by one and resist the other, saying that we don’t need to be killed. Does anyone who scolded a lot of people a while ago still has this app on their mobile phones? Speaking of this, I think about Didi’s rectification storm. Why Didi has been very active in rectification after the death of people, and now it is almost the safest vehicle to travel? Including Huolala, who is also anxious to start providing safer services? Nothing else, because the security problem is not solved, users will really choose not to use this product. Moreover, the functional departments cannot bear the influence of public opinion from similar incidents. If we face the problem of information leakage in recruitment software, we can also adopt the attitude of “regulatory department fixes on” + “users say you don’t need you, you don’t need you”. Now Zhaopin recruiting or hunting executives may have to live broadcast apologizing.

7 months ago

Every piece of information on your resume is too much sensitive information on your resume, including your name, gender, phone number, email address, graduate school, etc. There are a dozen or two dozen pieces of personal information on a resume. Infringement of personal information, if the circumstances are serious, constitutes a crime. Every piece of information on the resume will become evidence of a crime. Selling ten or twenty resumes may constitute a crime. Criminal Law Article 253-1 [Crimes of Infringing Citizens’ Personal Information] Violating relevant state regulations by selling or providing citizens’ personal information to others, and the circumstances are serious, shall be sentenced to fixed-term imprisonment of not more than three years or criminal detention, and concurrently or solely with a fine ; Where the circumstances are particularly serious, they shall be sentenced to fixed-term imprisonment of not less than three years but not more than seven years, and shall be fined. The Supreme People’s Court and the Supreme People’s Procuratorate’s “Interpretation on Several Issues Concerning the Application of Law in Handling Criminal Cases of Infringement of Citizens’ Personal Information”, illegally acquiring, selling, or providing citizens’ personal information in any of the following circumstances shall be deemed as the 250 The “serious circumstances” stipulated in Article 1 of Article 3: (1) Selling or providing information on whereabouts and being used by others for crimes; (2) Knowing or ought to know that others have used citizens’ personal information to commit crimes and sold or provided to them; (3) Illegal acquisition, sale or provision of more than 50 pieces of track information, communication content, credit information, and property information; (4) Illegal acquisition, sale or provision of accommodation information, communication records, health and physiological information, transaction information, etc. There are more than 500 pieces of other citizens’ personal information that may affect the personal and property safety; (5) Illegal acquisition, sale, or provision of more than 5,000 pieces of citizen’s personal information other than those specified in the third and fourth items; (6) The number is not enough Meet the standards specified in the third to fifth items, but meet the relevant quantitative standards according to the corresponding proportion; (7) illegal income of more than 5,000 yuan; (8) citizens’ personal information that will be obtained in the process of performing duties or providing services Selling or providing to others, the quantity or amount reaches more than half of the standards specified in Items 3 to 7; (9) Having received criminal penalties for infringing on citizens’ personal information or received administrative penalties within two years, and illegally acquired, sold or provided citizens Personal information; (10) Other serious circumstances.

7 months ago

The sale of resumes is nothing new, just like several other incidents that have been exposed. Selling resumes in the qq group has been in my impression for more than 5 years. Not to mention those who registered fake companies or scammed their resumes by pretending to be real companies, just Guangzhilian recruited themselves. In 2017 and 19, employees stole hundreds of thousands of resumes and sold them twice. And if you are interested, you can search for all kinds of magical things in the QQ group, such as selling resumes, selling express orders, selling databases, selling emails, selling game accounts, um, everything. Our privacy has long been sold everywhere. For example, I signed up for an online art trial class for my child. On the next day, I received a call from a competing product of this brand and invited my child to listen to it. Interesting? The day after I bought the car, I received a call from the XX male club, ha ha ha. Before my daughter-in-law gave birth to a baby, I received a phone promotion from a milk powder agent. Those used to sell advertisements are actually considered good. Those who take your information to defraud are even more terrible. My colleague received a call from Vipshop, and he could clearly explain his account information and the information about the purchased items, saying that there was a problem with the item and a refund would be arranged. If I hadn’t organized it in time, all the money in the bank card would have flown away. Another group of friends, who booked a ticket, was also scammed by a refund, but unfortunately she had been scammed when she told us. It cannot be recovered so far. This is not about dealing with your one or two companies, and reorganizing a certain industry can change. The section on the sale of personal information in the new version of the Civil Code has strict definitions. Article 111 of the “Civil Code of the People’s Republic of China” stipulates that the personal information of natural persons is protected by law. Any organization or individual who needs to obtain the personal information of others shall obtain and ensure the security of the information in accordance with the law, and shall not illegally collect, use, process or transmit the personal information of others, and shall not illegally trade, provide or disclose the personal information of others. The personal information of natural persons is protected by law. I look forward to the law must be abided by, law enforcement must be strict, and we will come hard to crack down on this age-old disease.

7 months ago

Let me talk about the only time I was scammed when I was looking for a job. I just went to Suzhou to find a job on XX Wuyou. The company checked it was very good, and I submitted my resume. Not long after I was notified to go for an interview, I went by car. , In an industrial park in Suzhou, there were several interviewers together after we arrived. Let us fill out our resumes and forms. Interviewers are not allowed to chat. Then I went to the manager next door for an interview, and said I was going for a test, and I had to pay a fee of 500. I was right next door. After the medical examination, I would refund, I returned the receipt, and finally signed the contract. Then I found someone to take me to the test. In the middle of the test, he handed me a cigarette. He was from the park, not with them. He told me in the middle that there was a simple test center next to him. There is no charge, and their company is a leather bag company. After signing the contract, you will be allowed to go to work in the black electronics factory. In the end, he took me to find that group of scammers. The place to go was in the room next to the interview. At first glance, they seemed to be gangsters in the society. I said there was something to do at home and I couldn’t go. Because they signed the contract, they said they would not want to sue me or pay compensation. They were frightened when they didn’t understand it. In the end, I was charged 500 yuan and not refunded, and the contract was given to me. In the end, I got more and more angry and called the police. However, when the police came, they didn’t care at all. Maybe there were too many people calling the police every day, or they did not. Sometimes there are some hidden secrets. After I went back, I found XX Wuyou’s customer service. Why did the above recruiters sell dog meat? Didn’t they verify it? Scammers and pyramid schemes are mostly carried out in the name of recruitment. Don’t they have any supervision responsibility. In the end, of course, there is no following. People are light and can’t help it, but they never dare to use XX anymore. These platforms are more hateful than unscrupulous merchants who sell fake goods. They really have no bottom line for making money. They can make all kinds of money. I’m not afraid of having a son without an asshole. Supervision depends on government departments, and if there is a catch that should be caught, the finer the punishment should be, the greater the intensity, the better. .

Would love your thoughts, please comment.x