Hundreds of thousands of CVs leaked - here's what we know

Data leak
(Image credit: Shutterstock)

A Singaporean remote hiring platform left a large database unprotected on the internet, accessible to anyone who knew where to look. Since the database contained plenty of sensitive information, the company has inadvertently placed hundreds of thousands of people at risk of data theft, identity theft, phishing, fraud, and more.

The Cybernews research team discovered a misconfigured Amazon AWS S3 bucket in early August 2024 said to contain more than 280,000 files, including CVs and resumes.

Further investigation attributed the database to Snaphunt, an online hiring platform that connects employers with job seekers. Although it’s based in Singapore, the company is global, and thus most likely holds sensitive information on people around the world. It offers features like pre-screening, skills assessments, and remote hiring tools.

Social engineering

The archive contained information generated between 2018 and 2023, including people’s full names, phone numbers, email addresses, places of birth, nationality, date of birth, social media links, employment history, and educational background.

“The potential for social engineering attacks is elevated, as attackers can impersonate fake recruitment agencies or leverage the leaked data to infiltrate professional networks, spreading malware or extracting further confidential information,” Cybernews explained.

Job-related scams are nothing new - just this week, news broke that a company got hacked after hiring a North Korean hacker who faked their entire identity. The unnamed firm lost sensitive data and was demanded a six-figure ransom payment in exchange.

Unprotected databases remain one of the most common causes of data leaks. Many organizations, including some of the world’s biggest enterprises, were found operating internet-accessible archives with no password protection, putting many of their customers at risk.

Most of the time, the vulnerability is nothing more than an honest employee mistake.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Security padlock and circuit board to protect data
Foh&Boh data leak leaves millions of CVs exposed - KFS, Taco Bell, Nordstrom applicants at risk
A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
A top online gift card store may have exposed private data on hundreds of thousands of users
Data Breach
Thousands of healthcare records exposed online, including private patient information
Security padlock and circuit board to protect data
A major US TV broadcaster leaked over a million sensitive files online
Cartoon Phishing
One of the largest data leaks ever sees info on 1.5 billion people leaked online
Data leak
Top collectibles site leaks personal data of nearly a million users
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Google Pixel Watch 3 side dial and button
Google Gemini reportedly spotted on Wear OS – could a rollout be close at hand?
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Toni Collette in Hereditary
Everything leaving Netflix in April 2025 – from the scariest movie ever made to a beloved DreamWorks animation with 99% on Rotten Tomatoes
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think