13 Million American, Canadian Job Applicant Records for Sale
Published 18 May 2021
- CloudSEK's XVigil discovered a post on an underground forum advertising Canadian and American job applicants data
- It includes sensitive information like Email Address, Mobile number, Name, etc.
Share this Threat Intel:
|Email Address, Mobile number, Name, Address, Last Login, Label|
|Canada & United States of America|
CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on an underground forum, advertising 13 million records of job applicants from the US and Canada. The actor claims that the data is relevant to 2019 and the uncompressed 40GB JSON file is being sold for 8 forum credits. The database was apparently dumped from Elasticsearch. CloudSEK’s Threat Intelligence Research team is in the process of validating the post.
- Since the leaked records are likely to contain users’ information or other sensitive information regarding the organization, it can be leveraged to carry out social engineering attacks.
- The data can also be used to orchestrate other forms of targeted attacks.
- Don’t use default ports
- Maintain digital data confidentiality by encrypting the data
- Implement strict access controls
- Keep your software updated