- Bewanted, a larger European job -seeking platform, held an open Google database online
- Database contained more than 1.1 million records, mostly CVs and resumes
- Data belonged to people all over the world and could now be in danger
A larger European employment platform reportedly leaked sensitive data from as many as a million users, scientists have claimed
Cygenerws Has revealed that researchers discovered an unprotected Google Cloud Storage (GCS) bucket, which belonged to Bewanted, described as “one of the largest employment platforms in Europe”.
Bucket contained more than 1.1 million files, mostly CVs and resumes belonging to job seekers, from people around the world, including Spain, Argentina, Guatemala, Honduras and more.
No answer
That said, anyone who may have found the database in advance would get people’s full names, phone numbers, e -mail addresses, postal addresses, birth dates, national ID numbers, nationalities, births, social media relations, employment history and educational background.
This is more than enough information to run tailor -made phishing, identity theft or thread fraud attack. Job openings are often the topic of phishing -e emails, and knowing the identity of people looking for a new position provides a unique opportunity for cyber criminals to create compelling phishing -e emails.
Through them, they could deliver malware, steal login -credentials, break into their current employers’ IT networks and more.
Headquarters in Madrid, Spain, with offices in Mexico, Germany and the UK, Bewanted is described as a software-as-a-service (SaaS) activated business connecting job seekers with potential employers.
Cybergenws’ researchers said they were trying to contact Bewanted and have the company locked down the database, but the company never responded to any of their queries. As a result “the data remains publicly available,” they said.
The team discovered the unprotected GCS bucket in November 2024, so it has been open on the Internet for at least half a year now.
Anyone who knew where to see (using specialized search engines such as Shodan) could have found it already. Without forensic analysis, however, it is impossible to determine whether it has already happened or not.
