TalentHook inadvertently leaks millions of job seekers' data
Online applicant tracking platform TalentHook accidentally exposed almost 26 million files, most of them CVs belonging to U.S. job seekers, through an unsecured Azure Blob storage container, according to Cybernews.
Attackers could leverage the exposed information, including names, phone numbers, email addresses, educational background, professional details, and employment histories, to facilitate identity theft and phishing attacks, as well as doxxing or harassment, noted Cybernews researchers, who have already informed TalentHook of the misconfigured database. "Email addresses and phone numbers can be used in phishing emails, SMS scams, or fraudulent job offers, tricking individuals into revealing sensitive information such as ID scans or banking details," researchers added. TalentHook has been urged to remediate the inadvertent data leak by implementing more stringent access controls, updated permissions, and server-side encryption, by tracking logs for unauthorized activity, and by adopting automated security checks, consistent audits, employee training programs, and other cybersecurity best practices.
