Hundreds of thousands of CVs leaked - here’s what we know

Database of CVs left unprotected online

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A Singaporean remote hiring platform left a large database unprotected on the internet, accessible to anyone who knew where to look. Since the database contained plenty of sensitive information, the company has inadvertently placed hundreds of thousands of people at risk of data theft,identity theft, phishing, fraud, and more.

TheCybernewsresearch team discovered a misconfiguredAmazonAWS S3 bucket in early August 2024 said to contain more than 280,000 files, including CVs and resumes.

Further investigation attributed the database to Snaphunt, anonline hiring platformthat connects employers with job seekers. Although it’s based in Singapore, the company is global, and thus most likely holds sensitive information on people around the world. It offers features like pre-screening, skills assessments, and remote hiring tools.

Social engineering

The archive contained information generated between 2018 and 2023, including people’s full names, phone numbers, email addresses, places of birth, nationality, date of birth, social media links, employment history, and educational background.

“The potential for social engineering attacks is elevated, as attackers can impersonate fake recruitment agencies or leverage the leaked data to infiltrate professional networks, spreading malware or extracting further confidential information,” Cybernews explained.

Job-related scams are nothing new - just this week, news broke that acompany got hacked after hiring a North Korean hackerwho faked their entire identity. The unnamed firm lost sensitive data and was demanded a six-figure ransom payment in exchange.

Unprotected databases remain one of the most common causes of data leaks. Many organizations, including some of the world’s biggest enterprises, were found operating internet-accessible archives with no password protection, putting many of their customers at risk.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Most of the time, the vulnerability is nothing more than an honest employee mistake.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

As if Intel didn’t have enough to worry about, Nvidia might be about to jump into the PC processor market