1. Forum
  2. tqw
  3. TQW GENTECH

  • AI-focused recruitment platform exposes half a million job seeker

    From TechnologyDaily@1337:1/100 to All on Friday, November 15, 2024 12:15:04
    AI-focused recruitment platform exposes half a million job seekers

    Date:
    Fri, 15 Nov 2024 12:02:49 +0000

    Description:
    PII, passports and ID documents left exposed in misconfigured Google Cloud Storage bucket.

    FULL STORY ======================================================================Xobin left a database publicly exposed online for at least three months The
    database was filled with the PII of over 500,000 job applicants
    Identification documents and passports were included in the files

    Days after a database containing the personally identifiable information
    (PII) of millions of jobseekers was uncovered, another half million may have been exposed by a different company.

    The unprotected files were found by Cybernews researchers, and contain the
    PII of over 500,000 job applicants, including resumes, scans of passports,
    and copies of identification documents.

    The files were left exposed by AI-powered HR tech company Xobin, and despite numerous alerts to the public database, remained open and accessible for almost three months. Xobin responsible for some big names

    The researchers say Xobin counts Toyota, Ericsson, the University of Toronto, and Dominos as some of its clients, among many other companies and organizations.

    It isnt known how long the database was left exposed before discovery, but Cybernews first discovered the database on August 5 and issued an immediate alert, with the database only being taken down on November 4.

    The files were stored in a misconfigured Google Cloud Storage bucket. In total, 18,000 CSV and XLSX files were uncovered which included the job applications of 523,074 people, with each application including full names, phone numbers, and email addresses.

    Moreover, 3,129 copies of passports and IDs with Permanent Account Numbers - the Indian equivalent of US social security numbers.

    18,629 resumes were found, each containing further details on each applicant. If the database was accessed by malicious actors, it could be used along with other PII for social engineering, spearphishing attacks, extortion, financial fraud, and account takeover, particularly if an individual is known to be seeking or earning a high wage.

    You can name all the cyber threats: identity theft, spear phishing, doxxing, social engineering, and many other forms of fraud. The leaked personal information includes sensitive details, and job seekers are particularly vulnerable. Scammers can impersonate legitimate recruiting agencies, offer enticing fraudulent jobs, and perform other targeted fraudulent activities leading to potentially devastating financial and personal repercussions, Cybernews researchers said. You might also like Take a look at the best identity theft protection Millions of sensitive data records exposed online due to settings fault with this top Microsoft tool These are the best firewalls



    ======================================================================
    Link to news story: https://www.techradar.com/pro/ai-focused-recruitment-platform-exposes-half-a-m illion-job-seekers


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)