Subj : Hundreds of thousands of CVs leaked - here's what we know
To   : All
From : TechnologyDaily
Date : Thu Oct 17 2024 17:15:06

Hundreds of thousands of CVs leaked - here's what we know

Date:
Thu, 17 Oct 2024 16:02:00 +0000

Description:
A company kept its database unprotected on the internet, leaving hundreds of 
thousands of CVs open.

FULL STORY
======================================================================

A Singaporean remote hiring platform left a large database unprotected on the 
internet, accessible to anyone who knew where to look. Since the database 
contained plenty of sensitive information, the company has inadvertently 
placed hundreds of thousands of people at risk of data theft, identity theft 
, phishing, fraud, and more. 

The Cybernews research team discovered a misconfigured Amazon AWS S3 bucket 
in early August 2024 said to contain more than 280,000 files, including CVs 
and resumes. 

Further investigation attributed the database to Snaphunt, an online hiring 
platform that connects employers with job seekers. Although its based in 
Singapore, the company is global, and thus most likely holds sensitive 
information on people around the world. It offers features like 
pre-screening, skills assessments, and remote hiring tools. Social 
engineering 

The archive contained information generated between 2018 and 2023, including 
peoples full names, phone numbers, email addresses, places of birth, 
nationality, date of birth, social media links, employment history, and 
educational background. 

The potential for social engineering attacks is elevated, as attackers can 
impersonate fake recruitment agencies or leverage the leaked data to 
infiltrate professional networks, spreading malware or extracting further 
confidential information, Cybernews explained. 

Job-related scams are nothing new - just this week, news broke that a company 
got hacked after hiring a North Korean hacker who faked their entire 
identity. The unnamed firm lost sensitive data and was demanded a six-figure 
ransom payment in exchange. 

Unprotected databases remain one of the most common causes of data leaks. 
Many organizations, including some of the worlds biggest enterprises, were 
found operating internet-accessible archives with no password protection, 
putting many of their customers at risk. 

Most of the time, the vulnerability is nothing more than an honest employee 
mistake. More from TechRadar Pro Mystery database containing sensitive info 
on 762,000 car-owners discovered by researchers Here's a list of the best 
firewalls today These are the best endpoint protection tools right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/hundreds-of-thousands-of-cvs-leaked-her
es-what-we-know


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.