- beWanted, a major European job seeker platform, kept an open Google database online
- Database contained more than 1.1 million records, mostly CVs and resumes
- Data belonged to people all over the world, and could now be at risk
A major European employment platform was reportedly leaking sensitive data from as many as a million users, researchers have claimed
Cybernews has revealed its researchers discovered an unprotected Google Cloud Storage (GCS) bucket belonging to beWanted, described as “one of the largest employment platforms in Europe”.
The bucket contained more than 1.1 million files, mostly CVs and resumes belonging to job seekers, from people all over the world, including Spain, Argentina, Guatemala, Honduras, and more.
No reply
That being said, anyone that might have found the database beforehand would obtain people’s full names, phone numbers, email addresses, postal addresses, dates of birth, national ID numbers, nationalities, places of birth, social media links, employment history, and educational background.
This is more than enough information to run bespoke phishing, identity theft, or wire fraud attacks. Job openings are often the topic in phishing emails, and knowing the identities of people looking for a new position presents a unique opportunity for cybercriminals to create convincing phishing emails.
Through those, they could deliver malware, steal login credentials, break into their current employers’ IT network, and more.
Headquartered in Madrid, Spain, with offices in Mexico, Germany, and the UK, beWanted is described as a Software-as-a-Service (SaaS) enabled business, connecting job seekers with potential employers.
Cybernews’ researchers said they tried contacting beWanted and getting the company to lock the database down, but the firm never responded to any of their inquiries. As a result, “the data remains publicly accessible,” they said.
The team discovered the unprotected GCS bucket in November 2024, so it’s been sitting wide open on the internet for at least half a year now.
Anyone who knew where to look (by using specialized search engines like, for example, Shodan) could have found it already. However, without forensic analysis, it’s impossible to determine if that already happened or not.
You might also like
https://cdn.mos.cms.futurecdn.net/GcQXTy4NBXKeoop4V5WQnQ.jpg
Source link
