More than 26 million CVs exposed in Top CV Maker Data Breach – This is what we know
- Cybernews finds huge database full of CVs and resumes
- It belongs to Talenthook
- The database apparently remains open to this day
Security researchers have discovered another large unprotected database that leaked sensitive information to the general public.
Analysts at Cybernews found a misconfigured Azure Blob Storage container that was accessible to anyone who knew where to look.
The archive contained nearly 26 million files, and it was later established that most of them were resumes and CVs belonging to American citizens, including people's full names, email addresses, telephone numbers, education data, professional details and employment history.
Talenthook in trouble
Although it may not sound like much, the cache is a treasure trove for cybercriminals. If they know that these people are actively looking for new jobs, they can craft fully tailored, highly relevant phishing emails to trick people into downloading malware or sharing login details.
For example, the North Korean state-sponsored group Lazarus often targets job seekers on LinkedIn and elsewhere, sharing fake job description files that are nothing more than malware.
In some cases, they make the victim go through multiple job interviews before asking for a "test" that includes downloading malicious code.
Cybernews later determined that the archive belonged to Talenthook, a cloud-based applicant tracking system that connects HR departments with people looking for work.
Usually, when researchers find unprotected databases such as this one, they inform the owners and get them locked down quickly. In this case, however, there was no confirmation that Talenthook had actually blocked access.
Instead, the Cybernews team shared advice with Talenthook and invited the team to “change access controls to limit public access and secure the container”. It is therefore safe to assume that the database remains unlocked and available for anyone to find. The researchers also did not mention whether anyone has already found it, but this is always a strong possibility.
At press time, there was no evidence that the data had already been found in the wild and abused.