A Singaporean remote recruiting platform has left a large database unprotected on the Internet, accessible to anyone who knew where to look. Because the database contained a lot of sensitive information, the company inadvertently put hundreds of thousands of people at risk of data theft, identity theft, phishing, fraud, and more.
The Cyber news The research team discovered a misconfigured Amazon AWS S3 bucket in early August 2024 that reportedly contained more than 280,000 files, including resumes and resumes.
Upon further investigation, the database was attributed to Snaphunt, an online recruitment platform that connects employers with job seekers. Although the company is based in Singapore, it is a global company and therefore most likely has sensitive information about people around the world. It offers features such as pre-screening, skills assessment and remote recruitment tools.
Social engineering
The archive contained information generated between 2018 and 2023, including people’s full names, phone numbers, email addresses, places of birth, nationality, date of birth, social media links, employment history and educational background.
“The potential for social engineering attacks is greater, as attackers could pose as fake recruitment agencies or use the leaked data to infiltrate professional networks, spread malware or extract further confidential information,” Cybernews explains.
Work-related scams are nothing new. This week, news broke that a company was hacked after hiring a North Korean hacker who spoofed his entire identity. The unnamed company lost sensitive data and was demanded a six-figure ransom in return.
Unsecured databases remain one of the most common causes of data breaches. Many organizations, including some of the world’s largest corporations, were found to be managing archives accessible over the Internet without password protection, putting many of their customers at risk.
Most of the time, the vulnerability is nothing more than an honest mistake by the employee.