13 Million American, Canadian Job Applicant Records for Sale

Published 18 May 2021


  • CloudSEK's XVigil discovered a post on an underground forum advertising Canadian and American job applicants data
  • It includes sensitive information like Email Address, Mobile number, Name, etc.

Share this Threat Intel:

Category
Adversary Intelligence
Affected Industries
Employment 
Data Fields
Email Address, Mobile number, Name, Address, Last Login, Label 
Affected Region
Canada & United States of America

Executive Summary

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on an underground forum, advertising 13 million records of job applicants from the US and Canada. The actor claims that the data is relevant to 2019 and the uncompressed 40GB JSON file is being sold for 8 forum credits. The database was apparently dumped from Elasticsearch. CloudSEK’s Threat Intelligence Research team is in the process of validating the post.

Potential Impact

  • Since the leaked records are likely to contain users’ information or other sensitive information regarding the organization, it can be leveraged to carry out social engineering attacks.
  • The data can also be used to orchestrate other forms of targeted attacks.

 

Mitigation Measures

  • Don’t use default ports
  • Maintain digital data confidentiality by encrypting the data
  • Implement strict access controls
  • Keep your software updated

Be informed in your Inbox

Sign up now to our Threat intelligence Newsletter and be the first to know about threats first in your inbox.

Join the Discussions

Discuss your way into our Community about these threats and stay Vigilant and informed.