DATABREACHES reports that Moldova’s job applicant portal Cariere.gov[.]md left personal information exposed for years, with 7,758 folders containing names, addresses, phone numbers, citizenship status, government IDs, CVs and other data, plus nearly 19,000 JSON files and no password required to access the data. The site notes that access could be gained simply by manipulating the number at the end of the URL, until a change on 14 February that blocked URL-based access.
The timeline shows On 5 February the incident was raised via Signal; on 8 February DataBreaches emailed Cancelaria’s listed address and received no reply, while on 11 February STISC stated that Cancelaria was responsible for the portal’s security, and on 13 February Cancelaria said the submission could not be investigated due to an alleged lack of e-signature.
DataBreaches pressed the issue again on 14 February, but the Moldova government has not responded to this site’s emails, leaving the question of whether notified applicants will be informed unresolved. The piece ends with advice for users to change passwords and identity documents if they reused those credentials, and with a call for a public government statement about mitigation and notification. According to STISC, the security of the portal was the responsibility of Cancelaria.