As part of the regular sweep over the Deep Web and Dark Web, Cyble researchers came across an interesting item, where a threat actor posted 2.3GB (zipped) file on one of the hacking forums carrying details of the job seekers’ personal data. “Cyble researchers have identified a sensitive data breach on the darkweb where an actor has leaked personal details of ~29 Million Indian Job Seekers from the various states,” Cyble wrote in a blog post last week. This breach includes sensitive information such as email, phone, home address, qualification, work experience, current employer, previous employer, current salary, etc. of job seekers spanning across states, from cities such as Mumbai, Chennai, Delhi, Hyderabad, Pune, and Bengaluru.
“We usually see this sort of leaks all the time, but this time, the message header got our attention as it included a lot of personal details – where most of the things are generally static such as education, address etc.,” the company added. The leaked screenshots of the data posted by Cyble also mention two well-known job portals in India: Naukri and Times Jobs. “Cybercriminals are always on the lookout for such personal information to carry out various nefarious activities such as identity thefts, scams, and corporate espionage,” Cyble said. According to Cyble, the original leak appears to be from a resume (CV) aggregator service that collects data from different job portals in India. The cybersecurity firm has acquired the leaked data and indexed this information on its data breach monitoring and notification platform, Amibreached.com. Those who are concerned about their information leakage ca ascertain the risks by registering on the aforesaid platform. At the time of writing, Cyble’s team is still conducting an in-depth investigation of the source of the leak. Keep watching this space for more details, as this is a developing story!