.png)
3 months ago
1
A job search platform exposed over 5 million resumes, putting millions of job seekers at risk of identity theft, targeted scams and fraud. The leak, discovered by cyber security researchers at Cybernews, comes from a misconfigured Microsoft Azure storage container that is accessible on the Internet.
The unsecured cloud bucket contained more than 5.1 million files, predominantly resumes and CVs, dating from 2016 to 2025.
The breach is linked to LiveCareer, a platform founded in 2004 that provides digital tools for job seekers including resume templates, cover letter generators, and job listings. The service helps over 10 million users across 180 countries. Based on the scale of the leak, researchers estimate that nearly half of the platform’s users may have had their data compromised.
The documents included a wealth of personally identifiable information (PII) such as full names, phone numbers, email addresses, home addresses, and complete employment histories. With this level of detail, experts warn that affected individuals face a heightened risk of targeted phishing schemes, financial fraud, and impersonation.
Despite multiple attempts by Cybernews to reach LiveCareer, the company has not issued a public statement regarding the breach as of publication.
This is not the first instance when job seekers' private data has been exposed online. Security experts emphasise that cloud storage misconfigurations remain a persistent problem in 2025. Improperly secured Azure, AWS, and Google Cloud instances continue to expose sensitive data across industries.
In this case, the LiveCareer exposure appears to have gone unnoticed for years, with some of the leaked documents possibly accessible since 2016.
The problems with this extends beyond basic privacy concerns. With emails and phone numbers exposed, attackers can launch sophisticated phishing, vishing or voice phishing, and smishing (SMS phishing) attacks.
By impersonating employers or recruiters, cyber criminals can lure victims into sharing even more sensitive information, including identification documents and financial details. Fraudulent job offers, or requests for training fees, are common tactics used to exploit such data.
Previous research by Cybernews revealed that HireClick, a recruitment platform for small to mid-sized businesses, leaked 5.7M files with applicants’ resumes. Foh&Boh, a US hiring platform used by KFC, Taco Bell, and Hyatt Grand, also exposed millions of applicants’ resumes, revealing all they wanted to share with potential employers.
In May 2025 one of the largest employment platforms in Europe, beWanted, exposed a trove of sensitive details, revealing job seekers’ personal information, ranging from names to national ID numbers. In 2024, a Singapore-based remote hiring platform, Snaphunt, leaked over two hundred thousand CVs of job candidates dating from 2018 to 2023.
Cybernews | Cybernews | TEISS | SCWorld | Security Review | Security Review
Image: Anna Shvets
You Might Also Read:
On Trend With Zero-Trust Architecture & Multi-Cloud Environments:
If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible
MIRACL
MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.
CSI Consulting Services
Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.
BackupVault
BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.
CYRIN
CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.
Syxsense
Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.
Pondurance
Pondurance is an IT Security and Compliance company providing services in Cyber Security, Continuity, Compliance and Threat Management.
Cloud Foundry Foundation (CFF)
Cloud Foundry supports the full application development lifecycle, from inception, through all testing stages, to deployment.
IPCopper
IPCopper specializes in network packet capture appliances for cybersecurity, cybersurveillance and network monitoring, and encrypted data storage.
Secmentis
Secmentis is a cyber security consultancy specializing in penetration testing, threat intelligence, and proactive defense for your IT infrastructure.
Hitachi Systems Security
Hitachi Systems Security provides customized services for monitoring and protecting the most critical and sensitive IT assets in our clients’ infrastructures 24/7.
Synack
Synack provides a hacker-powered intelligence platform that uncovers security vulnerabilities that often remain undetected by traditional pen testers and scanners.
Granted Consultancy
Granted Consultancy is a business consultancy that specialises in securing funding to support companies with the development and commercialisation of new and innovative products and technologies.
Pinpoint Search Group
Pinpoint Search Group's recruiters specialize in Information Management, Cyber Security, Cloud and Robotic Process Automation (RPA).
Genius Guard
Genius Guard specializes in DDoS Protection, DDoS Protected Webhosting, HYIP Hosting, Bitcoin Hosting, Cryptocurrency Hosting.
Appsec Phoenix
Appsec Phoenix is an end to end vulnerability management platform that focuses on workflows, threat feed, and real time data.
Genix Cyber
Genix Cyber provides world-class cybersecurity services that protect systems, cloud applications, infrastructure, critical data, and networks from evolving cyber threats.
Vantor
Vantor is a Managed Security Services Provider (MSSP) that specializes in providing outsourced, managed cybersecurity services.
Maveris
Maveris is an IT and cybersecurity company committed to helping organizations create secure digital solutions to accelerate their mission.
