5 million Adecco.com users’ data leaked

We recently discovered that a user on a popular hacking forum was purportedly selling the stolen credentials from 6 South American countries for the Swiss-based Adecco Group, the second largest human resources and temp staffing provider in the world. Adecco is also a Fortune 500 Global company.

The database for sale contained 5 million records and covers six Latin American/South American countries:

  • Peru
  • Brazil
  • Argentina
  • Colombia
  • Chile
  • Ecuador

Soon after the post was published, it was taken down by the author. This appears to be the same threat actor behind the recent VPN leaks.

We reached out to Adecco to verify that the data belonged to them, but they have not responded yet.

Adecco has suffered a data breach in the past. In August 2019, Adecco Group informed Belgium’s privacy regulator that the biometric data of roughly 2,000 of the employees for its Belgian unit had been compromised due to a breach of Suprema ID Inc., which had supplied biometric services for Adecco.

The database appears to have been left open to the public with weak credentials. The year for this database is listed as 2021.

To see if any of your online accounts were exposed in this or other security breaches, use our personal data leak checker with a library of 15+ billion breached accounts.

What data was included in the leak

The database supposedly contains a few different categories of data. These include:

  1. “Candidatos_datos_personales” (candidates’ personal data) with 4,543,938 lines:
    1. The candidate’s full name
    2. Gender
    3. Marital status
    4. Date of birth
    5. Country
  2. “Candidatos_candidatos_by_email” with 3,763,836 lines:
    1. The candidate’s full name
    2. Email address
    3. State
    4. ID and creation date
    5. Passwords (bcrypt hashes with a cost of 10, which is a strong hashing algorithm)
    6. Country
  3. “Candidatos_login” with 5,321,943 lines:
    1. Full name
    2. Gender
    3. Date of birth
    4. Country
    5. ID
    6. Marital status
Sample of data from “candidatos_datos_personales”

The database was Apache Cassandra, which is a free and open-source database management system, with default credentials – a very poor security practice.

What’s the impact of the leak?

It is unclear at the moment why the post was removed by the author. One likely scenario is that the database was sold quickly.

In this scenario, these users’ data could be in the hands of a cybercriminal who may want to use it for various malicious purposes.

This includes:

  • Using the data for targeted spear phishing attacks
  • Collecting and spamming users’ emails and phones
  • Brute-forcing users’ other online accounts

What to do next

If your data has been included in the data leak, or you believe your data has, there are a few important steps you need to follow:

  • Change your passwords immediately. You should be using a unique password for each account you create. To help you with that, use a trusted password manager that can create really strong passwords you don’t need to remember.
  • Add two-factor authentication (2FA) on your most sensitive accounts, including your primary email account. That way, even if a bad actor were able to uncover your credentials, they wouldn’t be able to get into your account.
  • Watch out for suspicious emails, as they may be phishing attempts. Avoid clicking on links from suspicious emails.
  • Watch out for suspicious activity on your financial accounts, and set up identity theft monitoring.

Build your secure personal and business online presence

Leave a Reply

Your email address will not be published. Required fields are markedmarked