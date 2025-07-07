Data Security

TalentHook inadvertently leaks millions of job seekers’ data

concept of leaky software, data with a tap sticking out.3d illustration

(Adobe Stock)

Online applicant tracking platform TalentHook had almost 26 million files, most of which are CVs belonging to U.S. job seekers, accidentally leaked by an unsecured Azure Blob storage container, according to Cybernews.

Attackers could leverage the exposed information, including names, phone numbers, email addresses, educational background, professional details, and employment histories, to facilitate identity theft and phishing attacks, as well as doxxing or harassment, noted Cybernews researchers, who have already informed TalentHook regarding the misconfigured database. "Email addresses and phone numbers can be used in phishing emails, SMS scams, or fraudulent job offers, tricking individuals into revealing sensitive information such as ID scans or banking details," researchers added. TalentHook has been urged to remediate the inadvertent data leak by implementing more stringent access controls, updated permissions, and server-side encryption, as well as tracking logs for unauthorized activity and adopting automated security checks, consistent audits, employee training programs, and other cybersecurity best practices.

Related

Significant data breach prompts penalties for SK Telecom

Reuters reports that leading South Korean telecommunications provider SK Telecom has been ordered by the country's Ministry of Science and ICT to pay an almost $22,000 fine and implement security measures every quarter following a cyberattack disclosed in April that compromised 26.96 million universal subscriber identity module cards.

CIEE One breach compromises nearly 250K records

Security Affairs reports that major Brazilian recruitment and selection service platform CIEE One was discovered by Resecurity to have had 248,725 records belonging to businesses and trainees exfiltrated and later exposed by the financially motivated underground data broker "888".

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

BitBlock CipherCipherCiphertextCryptographic Algorithm or HashCryptographic Hash FunctionsData AggregationData Encryption Standard (DES)Digital EnvelopeDigital Signature

You can skip this ad in 5 seconds