HireClick

HireClick, a U.S.-based recruitment platform serving small to mid-sized businesses, suffered a major data exposure incident caused by an unsecured Amazon AWS S3 storage bucket, which inadvertently leaked over 5.7 million files, primarily resumes. The exposed data included full names, phone numbers, home addresses, email addresses, and employment histories of job seekers. Cybersecurity researchers from Cybernews warned that threat actors could exploit this information for phishing, smishing, and vishing attacks that impersonate recruiters or hiring managers in order to steal banking details, deploy malware, or conduct doxxing. The misconfigured bucket remained unaddressed by HireClick at the time of discovery (late February), amplifying the risk of identity theft, financial fraud, and reputational damage. The incident fits a rising trend of job-seeker data breaches, with similar exposures reported at platforms such as Foh&Boh and beWanted in early 2024. The lack of timely remediation further exacerbates the potential long-term consequences for affected individuals and for the company's credibility.

Source: https://www.scworld.com/brief/misconfigured-hireclick-storage-bucket-exposes-over-5-7m-files

TPRM report: https://www.rankiteo.com/company/hireclick

{
  "id": "hir2032320112825",
  "linkid": "hireclick",
  "type": "Breach",
  "date": "6/2024",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '5.7 million (files exposed)',
                        'industry': 'human resources/recruitment',
                        'location': 'United States',
                        'name': 'HireClick',
                        'size': 'small to mid-sized business (SMB)',
                        'type': 'recruitment platform'}],
 'attack_vector': 'unsecured cloud storage (AWS S3 bucket)',
 'data_breach': {'data_encryption': 'no (data was unprotected)',
                 'data_exfiltration': 'unintentional (via unsecured bucket)',
                 'file_types_exposed': ['resumes (likely PDF/DOCX)',
                                        'potential spreadsheets or databases'],
                 'number_of_records_exposed': '5.7 million files',
                 'personally_identifiable_information': ['full names',
                                                         'phone numbers',
                                                         'home addresses',
                                                         'email addresses'],
                 'sensitivity_of_data': 'high (includes full names, contact '
                                        'details, employment history)',
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)',
                                              'employment records']},
 'date_detected': '2024-02-29',
 'date_publicly_disclosed': '2024-03-01',
 'description': 'U.S. small to mid-sized business-oriented recruitment '
                'platform HireClick had more than 5.7 million files '
                'inadvertently exposed by an unsecured Amazon AWS S3 storage '
                'bucket. Most of the leaked files were resumes, which included '
                'full names, phone numbers, home addresses, email addresses, '
                'and employment information. Attackers could potentially '
                'leverage the exposed data to facilitate phishing, smishing, '
                'and vishing campaigns (e.g., impersonating recruiters or '
                'hiring managers to compromise banking details or deploy '
                'malware), as well as doxxing activities. HireClick has yet to '
                'address the misconfigured database.',
 'impact': {'brand_reputation_impact': 'high (potential loss of trust among '
                                       'job seekers and businesses)',
            'data_compromised': ['resumes',
                                 'full names',
                                 'phone numbers',
                                 'home addresses',
                                 'email addresses',
                                 'employment information'],
            'identity_theft_risk': 'high (exposed PII enables phishing, '
                                   'smishing, vishing, and doxxing)',
            'payment_information_risk': 'indirect (via phishing/social '
                                        'engineering targeting exposed '
                                        'contacts)',
            'systems_affected': ['Amazon AWS S3 storage bucket']},
 'investigation_status': 'ongoing (no public remediation reported)',
 'motivation': ['opportunistic',
                'potential for financial gain via phishing/social engineering',
                'doxxing'],
 'post_incident_analysis': {'root_causes': ['misconfigured AWS S3 bucket (lack '
                                            'of access restrictions)',
                                            'absence of encryption for '
                                            'sensitive data']},
 'recommendations': ['Implement strict access controls for cloud storage '
                     '(e.g., AWS S3 bucket policies, IAM roles).',
                     'Enable default encryption for data at rest in cloud '
                     'storage.',
                     'Conduct regular security audits for misconfigured '
                     'resources.',
                     'Monitor for unauthorized access attempts to cloud '
                     'storage.',
                     'Provide transparency to affected individuals and offer '
                     'identity protection services.'],
 'references': [{'date_accessed': '2024-03-01', 'source': 'Cybernews'}],
 'title': 'HireClick Unsecured AWS S3 Bucket Exposes 5.7 Million Resumes and '
          'Sensitive Data',
 'type': ['data exposure', 'misconfiguration'],
 'vulnerability_exploited': 'misconfigured AWS S3 bucket (lack of access '
                            'controls)'}