Major Data Breach Exposes Five Million Jobseekers

Uploaded on 2025-07-19 in NEWS-Cybersecurity News, FREE TO VIEW

A job search platform exposed over 5 million resumes, putting millions of job seekers at risk of identity theft, targeted scams and fraud. The leak, discovered by cyber security researchers at Cybernews, comes from a misconfigured Microsoft Azure storage container that is accessible on the Internet.

The unsecured cloud bucket contained more than 5.1 million files, predominantly resumes and CVs, dating from 2016 to 2025. 

The breach is linked to LiveCareer, a platform founded in 2004 that provides digital tools for job seekers including resume templates, cover letter generators, and job listings.  The service helps over 10 million users across 180 countries. Based on the scale of the leak, researchers estimate that nearly half of the platform’s users may have had their data compromised.

The documents included a wealth of personally identifiable information (PII) such as full names, phone numbers, email addresses, home addresses, and complete employment histories.  With this level of detail, experts warn that affected individuals face a heightened risk of targeted phishing schemes, financial fraud, and impersonation.

Despite multiple attempts by Cybernews to reach LiveCareer, the company has not issued a public statement regarding the breach as of publication.

This is not the first instance when job seekers' private data has been exposed online. Security experts emphasise that cloud storage misconfigurations remain a persistent problem in 2025. Improperly secured Azure, AWS, and Google Cloud instances continue to expose sensitive data across industries. 

In this case, the LiveCareer exposure appears to have gone unnoticed for years, with some of the leaked documents possibly accessible since 2016.

The problems with this extends beyond basic privacy concerns. With emails and phone numbers exposed, attackers can launch sophisticated phishing, vishing or voice phishing, and smishing (SMS phishing) attacks. 

By impersonating employers or recruiters, cyber criminals can lure victims into sharing even more sensitive information, including identification documents and financial details. Fraudulent job offers, or requests for training fees, are common tactics used to exploit such data.

Previous research by Cybernews revealed that HireClick, a recruitment platform for small to mid-sized businesses, leaked 5.7M files with applicants’ resumes.  Foh&Boh, a US hiring platform used by KFC, Taco Bell, and Hyatt Grand, also exposed millions of applicants’ resumes, revealing all they wanted to share with potential employers.

In May 2025 one of the largest employment platforms in Europe, beWanted, exposed a trove of sensitive details, revealing job seekers’ personal information, ranging from names to national ID numbers. In 2024, a Singapore-based remote hiring platform, Snaphunt, leaked over two hundred thousand CVs of job candidates dating from 2018 to 2023.

Cybernews  |   Cybernews  |   TEISS  |  SCWorld  |    Security Review  |   Security Review 

Image: Anna Shvets

You Might Also Read: 

On Trend With Zero-Trust Architecture & Multi-Cloud Environments:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« President Trump Orders Federal Cyber Security Responsibilities Be Reduced
Fancy Bear's Anatomy: Tactics, Techniques & Procedures »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Lacuna Talent

Lacuna Talent

Lacuna Talent delivers the combined power of Via Resource, the international Cyber Security recruiter, and Lacuna Talent, the Specialist AI/Data recruiter.

DataCore Software

DataCore Software

DataCore Software is a leader in Software-Defined Storage. Solutions offered include back up and disaster recovery.

CyberGreen Institute

CyberGreen Institute

The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem.

Securepoint

Securepoint

Securepoint is the market leader in the development of professional “Unified Threat Management” solutions in Germany.

Accertify

Accertify

Accertify is a leading provider of fraud prevention, chargeback management, and payment gateway solutions.

Quantstamp

Quantstamp

Quantstamp are experts in Smart Contract Security Audits. We provide verification that your decentralized system works as intended.

Fingent

Fingent

Fingent develops strategic software solutions for businesses across the globe in areas including Network Security, Infrastructure Security, Application Security, Risk and Compliance.

Knovos

Knovos

Knovos is a leading technology innovator developing solutions for automating, integrating, and innovating Information Governance.

Phakamo Tech

Phakamo Tech

Phakamo Tech offers a full set of governance, risk, compliance, cybersecurity and Microsoft Cloud services that include consulting, planning, implementation and cyber incident response.

Rostelecom Solar

Rostelecom Solar

Rostelecom-Solar is a Cyber Security Company, providing software and managed detection and response (MDR) services to protect critical information from advanced cyber threats.

Reliance Cyber

Reliance Cyber

Reliance Cyber (formerly Reliance ACSN) help to monitor and manage your organisation’s security infrastructure 24/7, so you can make sure all threats and issues are dealt with.

1898 & Co

1898 & Co

Keep your critical assets secure with a comprehensive portfolio of services from high-level assessments to fully managed security services designed for operational technology applications.

TransUnion

TransUnion

TransUnion is a global information and insights company that makes it possible for businesses and consumers to transact with confidence.

Obrela Security Industries

Obrela Security Industries

Obrela provides security analytics and risk management services to identify, analyze, predict and prevent highly sophisticated security threats in real time.

V3 Cybersecurity

V3 Cybersecurity

V3 Cybersecurity is a unique company focused on contextualization of security programs from a business perspective. Our mission is to provide enterprise IT Risk Management capabilities.

TR-CERT (USOM)

TR-CERT (USOM)

TR-CERT (Ulusal Siber Olaylara Müdahale Merkezi - USOM) is the national Computer Emergency Response Team of Turkey.