- Cybernews finds a huge, data-filled database
- It belongs to Talenthook
- The database apparently remains open to this day.
Security researchers have discovered another large unprotected database that was leaking confidential information to the general public.
Analysts at Cybernews found a misconfigured Azure Blob Storage container that was accessible to anyone who knew where to look.
The container held almost 26 million files, and it was later determined that most of them were resumes and CVs belonging to US citizens, including people's full names, email addresses, telephone numbers, education details, professional details and employment history.
Talenthook in trouble
While it may not seem like much, the cache is a treasure trove for cybercriminals. Knowing that these people are actively seeking new job opportunities, they can craft highly personalized and relevant phishing emails, successfully tricking people into downloading malware or sharing login credentials.
For example, North Korea's state-sponsored Lazarus Group often targets job applicants on LinkedIn and elsewhere, sharing fake job description files that are nothing more than malware.
In some cases, they would have the victim jump through multiple hoops of job interviews before asking for “test work” that involves downloading malicious code.
Cybernews then determined that the container belonged to Talenthook, a cloud-based applicant tracking system that connects human resources departments with people looking for work.
In general, when researchers find unprotected databases such as this, they notify the owners and it gets locked down quickly. However, in this case, there was no confirmation that Talenthook actually blocked access.
Instead, the Cybernews team shared advice with Talenthook, urging it to “change access controls to restrict public access and secure the container.” Therefore, it is safe to assume that the database remains unlocked and available for anyone to find. The researchers also did not say whether someone had already found it, but this is always a strong possibility.
At the time of publication, there was no evidence that the data had already been found and abused in the wild.