A recent data breach has been discovered in the HireClick platform, revealing the private information of millions of job seekers who may have used it. Researchers at Cybernews uncovered the breach, leaving many individuals vulnerable to potential risks.
How the Leak Happened
HireClick, a recruitment service that helps businesses manage job postings, candidate applications, and the hiring process, was found to have exposed sensitive personal data. Security researchers originally discovered a misconfigured AWS S3 storage bucket, a cloud storage service by Amazon Web Services used to store files in the cloud.
This misconfiguration left the data, containing over 5.7 million files, publicly accessible. Anyone with internet access could easily download these files. The leaked files contained personal information including full names, addresses, emails, phone numbers and employment history
For individuals whose data was compromised, the risks can be substantial. Scammers may now have access to key personal information, which can lead to malicious activities such as:
Phishing and scams where attackers could send fake job offers or requests for “identity verification” via email, phone, or text. These requests might trick victims into handing over Social Security numbers, banking details, personal identifications, or downloading malicious software that steals financial information or takes control of their devices. Attackers may also use private information to share online for misuse such as doxxing, impersonation or identity theft with access to resumes and personal contact details where they might target companies with fake employment applications or attempt to gain access to workplace systems.
Researches were not able to determine how long the exposed files were accessible. They have reached out to the platform on first discovery but have not yet received a response nor has a notice about the breach been posted on their site.
Learn more about the analysis and updates on Cybernews’ report.
Tips to Stay Safe
Whether you’re a job seeker that’s utilized HireClick or just regular web surfing, always be wary of unsolicited emails or messages and verify the authenticity of such requests before responding. Review the sender’s address, context, and if unsure contact the sender or company directly.
Leave a Reply