- beWanted, an important European employment search with
- The database contained more than 1.1 million records, mainly CVs and resumes
- The data belonged to people around the world, and now they could be at risk
According to reports, an important European employment platform was leaking confidential data of up to one million users, researchers have claimed.
Cybernews has revealed that its researchers discovered an unprotected Google Cloud Storage (GCS) bucket belonging to beWanted, described as “one of the largest employment platforms in Europe.”
The bucket contained more than 1.1 million files, mostly CVs and resumes belonging to job applicants around the world, including Spain, Argentina, Guatemala, Honduras and more.
No answer
That said, anyone who found the database beforehand would have obtained people's full names, telephone numbers, email addresses, postal addresses, birth dates, national identification numbers, nationalities, birthdays, social network links, employment history and educational background.
This is more than enough information to carry out tailored phishing, identity theft or wire fraud attacks. Job openings are often the subject of phishing emails, and knowing the identities of people looking for a new position gives cybercriminals a unique opportunity to create convincing phishing emails.
Through them, they could deliver malware, steal login credentials, break into the IT network of their current employers and more.
Based in Madrid, Spain, with offices in Mexico, Germany and the United Kingdom, beWanted is described as a software-as-a-service (SaaS) business connecting job applicants with potential employers.
Cybernews researchers said they tried to contact beWanted and get the company to lock down the database, but the company never responded to any of their inquiries. As a result, “the data remains publicly accessible,” they said.
The team discovered the unprotected GCS bucket in November 2024, so it has been open on the Internet for at least half a year.
Anyone who knew where to look (through the use of specialized search engines such as Shodan) could have already found it. However, without forensic analysis, it is impossible to determine if that already happened or not.