1.3 million popular recruitment platform users’ data for sale on data sharing forum

CloudSEK discovers leaked database that contains sensitive information of management job site users, which includes username, phone number.

Share this Intel:

CloudSEK has discovered a data leak that contains sensitive information of 1.3 million users of a popular recruitment platform. This site is an Indian online recruitment platform for middle and senior management positions. 

 

Discovery of the leak

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on a surface web database marketplace, advertising the information of 1.3 million site users. 

The post was published on 08 August 2020. The seller has shared 5 samples as proof. 

recruitment platform data leak

 

The contents of the leak

The sample records contain 5 users’: 

  • Username
  • Email
  • Phone number
  • Date of Birth
  • IP address
  • Company Name
  • Designation/ Position

 

Data verification and validation 

Using public sources we were able to verify various fields such as mobile number, name and email address in the database. 

IIMJobs database

 

Impact

  1. Threat actors can use the PII in the data dump to orchestrate phishing campaigns, online and offline scams, and even identity theft.
  2. Usually our mobile numbers and email IDs are linked to banking, mobile wallet, and other online accounts. Having these details makes it easier for threat actors to compromise the victims’ accounts. 

 

Next steps

As a rule of thumb:

  1. Use strong passwords and avoid password reuse.
  2. Enable multi-factor authentication for all your online accounts.
  3. Don’t open unsolicited email attachments and links, especially from senders you don’t recognize.
  4. Don’t share OTPs with third-parties. 
  5. Review online accounts and financial statements for discrepancies periodically. 
  6. Regularly update and patch apps and any other software you use.

Be informed about these Threats in your Inbox

Sign up now to our Threat intelligence Newsletter and be the first to know about these threats first in your inbox.