13 Million American, Canadian Job Applicant Records for Sale

###### Category Adversary Intelligence
###### Affected Industries Employment
###### Data Fields Email Address, Mobile number, Name, Address, Last Login, Label
###### Affected Region Canada & United States of America

Executive Summary

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post, on an underground forum, advertising 13 million records of job applicants from the US and Canada. The actor claims that the data is relevant to 2019 and the uncompressed 40GB JSON file is being sold for 8 forum credits. The database was apparently dumped from Elasticsearch. CloudSEK’s Threat Intelligence Research team is in the process of validating the post.

Potential Impact

  • Since the leaked records are likely to contain users’ information or other sensitive information regarding the organization, it can be leveraged to carry out social engineering attacks.
  • The data can also be used to orchestrate other forms of targeted attacks.

Mitigation Measures

  • Don’t use default ports
  • Maintain digital data confidentiality by encrypting the data
  • Implement strict access controls
  • Keep your software updated
1 Like