A significant data breach has occurred at Snaphunt, a remote hiring platform, resulting in the exposure of over 280,000 resumes containing personal information of job seekers from 2018 to 2023.
AI job for software engineers
The leak was uncovered by the Cybernews research team on August 5th, when they discovered a misconfigured Amazon AWS S3 bucket that left these sensitive files accessible to anyone on the internet.
Snaphunt, a Singapore-based recruitment platform operating globally across regions like Asia, Europe, and the Middle East, uses AI and data-driven tools to match employers with job seekers based on their skills and experience. However, this breach exposes job candidates to serious risks, including identity theft and phishing attacks.
The exposed resumes contained a range of personal details:
Full names
Phone numbers
Email addresses
Dates and places of birth
Nationalities
Social media links
Employment history and education background
Cybersecurity experts at Cybernews warn that such extensive data could be exploited for identity theft, with criminals using it to create fraudulent accounts or impersonate job seekers in sophisticated spear phishing attacks. Hackers could pose as fake recruitment agencies or infiltrate professional networks, further endangering victims by spreading malware or extracting additional sensitive data.
Cybernews notified Snaphunt, and access to the exposed data has since been secured. However, the company has yet to issue an official statement. Snaphunt did not even inform its customers about the data leak.
This is despite Cybernews on August 27, 2024 sending the initial disclosure email to Snaphunt. On September 9, 2024 Snaphunt closed the public access to the leaked storage. Snaphunt did not even acknowledged the contribution of Cybernews in blocking the cyber security issue.
Baburajan Kizhakedath
