Over 26 million resumes exposed in top CV maker data breach - here's what we know

News
By published

Talenthook archive seems to have remained unlocked

Data leak
(Image credit: Shutterstock)
  • Cybernews finds huge databse full of resumes and CVs
  • It belongs to TalentHook
  • The database apparently remains open to this day

Security researchers have discovered another large unprotected database which was leaking sensitive information to the general public.

Analysts fromCybernews found a misconfigured Azure Blob storage container available to anyone who knew where to look.

The archive contained almost 26 million files, and it was later determined that most of the files were resumes and CVs belonging to US citizens, including people’s full names, email addresses, phone numbers, education details, professional details, and employment history.

Get 55% off Incogni's Data Removal service with code TECHRADAR

Get 55% off Incogni's Data Removal service with code TECHRADAR

Wipe your personal data off the internet with the Incogni data removal service. Stop identity thieves
and protect your privacy from unwanted spam and scam calls.

View Deal

TalentHook in trouble

While it might not sound like much, the cache is a treasure trove for cybercriminals. Knowing these people are actively seeking new job opportunities, they can create fully customized, highly relevant phishing emails, successfully tricking people into downloading malware or sharing login credentials.

For example, the North Korean state-sponsored group Lazarus often targets job seekers on LinkedIn and elsewhere, sharing fake job description files which are nothing more than malware.

In some instances, they would have the victim jump through multiple job interview hoops, before asking for “trial work” which includes downloading malicious code.

Cybernews later determined that the archive belonged to TalentHook, a cloud-based applicant tracking system that connects HR departments with individuals seeking work.

Usually, when the researchers find unprotected databases such as this one, they notify the owners and get it locked down fast. However, in this instance, there was no confirmation that TalentHook actually barred access.

Instead, the Cybernews team shared advice with TalentHook, inviting the team to “change access controls to restrict public access and secure the container”. Therefore, it’s safe to assume that the database remains unlocked and available for all to find. The researchers also did not mention if someone found it already, but this is always a strong possibility.

At press time, there was no evidence of the data already being found and abused in the wild.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.