In a shocking data security lapse, nearly 26 million resumes belonging to U.S. job seekers were left exposed due to a misconfigured Microsoft Azure Blob storage container. The breach, discovered by the Cybernews research team, has raised serious concerns over how recruitment data is handled in the digital age.
The exposed database was linked to TalentHook, a popular applicant tracking software platform used by HR departments to streamline hiring processes. TalentHook is a product of Resource Edge, a Nevada-based software company.
The team at Cybernews said they have contacted Resource Edge for comment but have not yet received a response.
The storage container held millions of job seekers’ resumes, containing a wide range of personal information such as: Full names, Email addresses, Phone numbers, Education details, Employment history, and Professional background. This data is typically shared by individuals when applying for jobs. However, when not stored securely, it becomes a goldmine for cybercriminals.
Read: Common Resume Mistakes to Avoid
Cybersecurity experts warn that this kind of data breach can be used for highly targeted phishing attacks. Cybercriminals can send fake emails, messages, or job offers to trick victims into revealing sensitive details such as ID documents, banking information, or login credentials. Beyond phishing, the leak could also lead to: Identity theft, Fraud, impersonation, Scams, and Doxxing.
The inclusion of home addresses and phone numbers increases the risk of harassment and intimidation.
