5.7 million files were compromised on February 27, 2025, but you didn’t hear about it. They were under the care of HireClick, but because of a misconfiguration of an Amazon AWS S3 storage bucket, they were leaked.
This leak was almost entirely of résumés containing:
→ Full names
→ Home addresses
→ Email addresses
→ Phone numbers
→ Detailed employment and education histories
→ Work experience and job titles
→ Professional references
→ Certifications and qualifications
→ Other personal identifiers (e.g., links to LinkedIn profiles)
You might think, “What’s the big deal? It’s only a résumé.”
Here’s why it’s a big deal:
1. Identity Theft and Fraudulent Accounts
Scammers can use this information to create fake identities, open fraudulent accounts, apply for loans or leases, or even falsify documents using your credentials.
2. Employment Verification and Impersonation
Scammers may use your work history to build a credible fake identity, complete with fraudulent resumes and references. This identity can be used to secure jobs or financial benefits in your name.
3. Fake Job Offer Scams
Using your contact information, scammers may reach out pretending to represent reputable companies. They often offer fake jobs and then request upfront payments for training materials, certifications, or background checks-costs that legitimate employers never require.
4. Phishing and Social Engineering
With details from your resume, scammers can craft highly convincing phishing emails or calls, tricking you into revealing more sensitive information like Social Security numbers or passwords.
5. Paycheck Diversion
By impersonating you, scammers may contact your employer’s HR department and attempt to change your direct deposit information, diverting your salary to their own accounts.
6. Credential Stuffing and Account Hacking
Information such as your email address, education, or workplace can help scammers guess passwords or answer security questions for your accounts.
7. Posing as You to Scam Others
Scammers can use your identity to trick others by offering fake jobs or soliciting sensitive information from your contacts, damaging your reputation and potentially causing legal or financial trouble for you.
💡 HireClick's job distribution network includes major job boards and regional employment sites such as Indeed, ZipRecruiter, Glassdoor, Google for Jobs, Facebook Jobs, LinkedIn, Monster, and several local job boards like KELOLAND Employment, OurQuadCitiesJobs[.]com, SiouxCityJobs[.]com, KXNetJobs[.]com, VNLEmployment[.]com, OmahaJoblist.[]com, LincolnJoblist[.]com, and DesMoinesJoblist[.]com
Other notable leaks in the job recruitment industry:
Foh&Boh: A platform used by major brands like KFC and Taco Bell leaked millions of applicant resumes
Valley News Live: A North Dakota TV station exposed applicant data publicly
beWanted (Europe): Leaked resumes with names and national ID numbers in May 2025
Snaphunt (Singapore): Exposed over 200,000 CVs from 2018 to 2023
Source: https://dailysecurityreview.com/security-spotlight/hireclick-exposes-5-7-million-resume-files-due-to-misconfigured-cloud-storage/
Story developing…
#TheProfiler 🕵🏾♂️
🚨🚨 P.S. Did you get my guide that will help you avoid scams in the job market? If not, get it here: https://lnkd.in/ghKdzmSU
➡ Follow The Job Applicant Perspective on LinkedIn.
➡ Follow JAY JONES, CPRW (that’s me!) to protect yourself in this job market.
🫱🏾🫲🏾 Subscribe to my Substack.