Two Million Job Seekers Became Target of Data Breaches by Cybercriminals.
Two Million Job Seekers Became Target of Data Breaches by Cybercriminals.
The group ResumeLooters, which is a cybercriminal organization, has successfully breached the security of 65 websites that host job listings and retail services. As a result, the personal information of more than two million individuals who are seeking employment has been compromised.
The group employed SQL injection and cross-site scripting (XSS) attacks, which are widely used methods, to collect sensitive information from the websites.
The attacks predominantly concentrated on the Asia-Pacific (APAC) area, specifically targeting sites in Australia, Taiwan, China, Thailand, India, and Vietnam. Furthermore, additional compromised organizations were situated in various locations such as Brazil, Italy, Mexico, Russia, Turkey, and the US.
The group’s activities were initially identified in November 2023, and thereafter monitored as they conducted a large-scale harmful campaign specifically targeting employment agencies and retail companies.
The researchers named the organization ResumeLooters because they specifically targeted job search platforms and stole resumes.
Quantifying the stolen data is challenging due to the multitude of sources, but it potentially encompasses names, phone numbers, emails, dates of birth, as well as details regarding job seekers’ experience, employment history, and other sensitive personal information.
The pilfered data was made available for purchase on Telegram channels catering to Chinese-speaking users. These and other factors strongly suggest that the group originates from China.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. In the bottom line, he frequently writes for Craw Security.
READ MORE ARTICLE HERE