TalentHook

Security researchers from Cybernews discovered an unprotected database containing almost 26 million files, primarily resumes and CVs of US citizens. The exposed data included full names, email addresses, phone numbers, education details, professional details, and employment history. This leak poses a significant risk as cybercriminals could use this information to create targeted phishing attacks, potentially leading to malware downloads or credential theft. The database remains open, and there is no confirmation that TalentHook has secured it.

Source: https://www.techradar.com/pro/security/over-26-million-resumes-exposed-in-top-cv-maker-data-breach-heres-what-we-know

TPRM report: https://scoringcyber.rankiteo.com/company/resource-edge

"id": "res720070725",
"linkid": "resource-edge",
"type": "Breach",
"date": "7/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Human Resources',
                        'name': 'TalentHook',
                        'type': 'Organization'}],
 'attack_vector': 'Misconfigured Azure Blob storage',
 'data_breach': {'number_of_records_exposed': '26 million',
                 'personally_identifiable_information': ['Full names',
                                                         'Email addresses',
                                                         'Phone numbers',
                                                         'Education details',
                                                         'Professional details',
                                                         'Employment history'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Resumes', 'CVs']},
 'description': 'Security researchers have discovered another large '
                'unprotected database which was leaking sensitive information '
                'to the general public. Analysts from Cybernews found a '
                'misconfigured Azure Blob storage container available to '
                'anyone who knew where to look. The archive contained almost '
                '26 million files, and it was later determined that most of '
                'the files were resumes and CVs belonging to US citizens, '
                'including people’s full names, email addresses, phone '
                'numbers, education details, professional details, and '
                'employment history.',
 'impact': {'data_compromised': ['Full names',
                                 'Email addresses',
                                 'Phone numbers',
                                 'Education details',
                                 'Professional details',
                                 'Employment history'],
            'identity_theft_risk': 'High'},
 'investigation_status': 'Ongoing',
 'post_incident_analysis': {'corrective_actions': 'Change access controls to '
                                                  'restrict public access and '
                                                  'secure the container',
                            'root_causes': 'Misconfigured Azure Blob storage'},
 'recommendations': ['Change access controls to restrict public access and '
                     'secure the container'],
 'references': [{'source': 'Cybernews'}],
 'response': {'remediation_measures': ['Advised to change access controls to '
                                       'restrict public access and secure the '
                                       'container']},
 'title': 'Cybernews finds huge database full of resumes and CVs',
 'type': 'Data Leak',
 'vulnerability_exploited': 'Misconfiguration'}