"Recruiter’s Cloud Snafu Exposes 20,000 CVs and ID Documents"

A team of security researchers at Website Planet discovered an AWS S3 bucket left unprotected and unsecured by FastTrack Reflex Recruitment, now TeamBMS.  The 5GB trove contained 21,000 files, including CVs featuring personal information such as email addresses, full names, mobile phone numbers, home addresses, and social network URLs. Other details included dates of birth, passport numbers, and applicant photos, according to Website Planet.  The data could have been used to commit follow-on identity theft, fraud, and craft phishing attacks designed to steal more personal details or deploy malware if found by threat actors.  The researchers also claimed that the information contained in the bucket could have been used for corporate espionage or to target victims’ homes for burglary.  The research team discovered the leak on December 29 last year and reached out several times to TeamBMS’s parent company TeamResourcing and the UK CERT. The bucket was finally secured on March 23.

Infosecurity reports: "Recruiter’s Cloud Snafu Exposes 20,000 CVs and ID Documents"