
beWanted, one of the largest employment platforms in Europe, exposed a trove of sensitive details, revealing job seekers’ personal information, ranging from names to national ID numbers.
While shopping for new career opportunities can be fun, losing your personal details in the process is definitely not. The Cybernews research team discovered an exposed Google Cloud Storage (GCS) bucket with over 1.1 million files, owned by a talent pool platform, beWanted.
Headquartered in Madrid, Spain, the company describes itself as “the largest Talent Pool ecosystem in the world.” beWanted is a software-as-a-service (SaaS) enabled business, connecting job seekers with potential employers. The company has offices in Mexico, Germany, and the UK.
The team discovered the exposed instance last November, yet despite numerous attempts to contact beWanted, the data remains publicly accessible.
We have reached out to the company for an official comment, but are yet to receive a reply.
What data did beWanted leak?
According to the researchers, the vast majority of the more than one million leaked files are job seekers’ CVs and resumes. The leaked data includes details that a person looking for a new job would typically include, such as:
- Full names and surnames
- Phone numbers
- Email addresses
- Home addresses
- Dates of birth
- National ID numbers
- Nationalities
- Places of birth
- Social media links
- Employment history
- Educational background
The team believes that a data leak involving over a million files, with each one likely representing a single person, represents a critical security incident for beWanted. Having the data exposed for at least six months makes it even worse: malicious actors continue to scour the web for unprotected instances, downloading anything they can get their hands on.
“This exposure creates multiple attack vectors, enabling cybercriminals to engage in identity theft, where personal information can be used to create synthetic identities or fraudulent accounts,” researchers said.
Malicious actors can also use the leaked information for highly personalized and credible-looking phishing attempts that could lead to unauthorized access to financial accounts, credentials, or additional sensitive data.
“The leak increases the potential for social engineering attacks, as attackers can impersonate fake recruitment agencies or leverage the leaked data to infiltrate professional networks, spreading malware or extracting further confidential information,” the team said.
Moreover, the leaked details revealed that the scope of the problem is global. For example, the leaked national ID numbers come from citizens of Spain, Argentina, Guatemala, Honduras, and other countries.
To mitigate the issue and avoid similar problems in the future, the team advises the following:
- Restrict Public Access. Remove any public permissions on the bucket. Enable Public Access Prevention to ensure the bucket is not accessible by unauthorized users.
- Implement Access Controls. Assign permissions only to authorized users and services based on their specific needs. Follow the Principle of Least Privilege to minimize access.
- Monitor Access Activity. Enable Cloud Audit Logs to track all access to the bucket. Configure alerts through Cloud Monitoring to detect and respond to suspicious activity.
- Enable Data Encryption. Activate server-side encryption to protect data at rest. Utilize Google Cloud Key Management Service (KMS) for secure key management.
- Enforce Secure Data Transmission. Require the use of SSL/TLS for all data transfers to and from the bucket. Block any non-secure (HTTP) connections.
- Adopt Security Best Practices. Conduct regular security audits and reviews of permissions and configurations. Use Google Cloud Security Command Center for automated security assessments.
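
The public-access, access-control and encryption recommendations above can be checked mechanically. The following added example (not code from Cybernews or beWanted) audits a bucket's metadata and IAM policy, in the shape returned by the Cloud Storage JSON API, for public principals, unenforced Public Access Prevention, per-object ACLs and a missing default KMS key. Bucket names, accounts and the finding labels are constructed for illustration.

```python
# Added example: offline audit of a bucket using Cloud Storage JSON API shapes
# (buckets.get, buckets.getIamPolicy). All sample values are constructed.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

def audit_bucket(bucket: dict, iam_policy: dict) -> list[str]:
    """Return findings for the public-access, ACL and encryption advice."""
    findings = []
    iam_cfg = bucket.get("iamConfiguration", {})

    # "enforced" blocks public grants outright; "inherited" defers to the
    # organization policy, which then has to be verified separately.
    if iam_cfg.get("publicAccessPrevention") != "enforced":
        findings.append("public-access-prevention-not-enforced")

    # Without uniform bucket-level access, per-object ACLs can still make
    # individual files public even when the bucket IAM policy looks clean.
    if not iam_cfg.get("uniformBucketLevelAccess", {}).get("enabled", False):
        findings.append("uniform-bucket-level-access-disabled")

    # Any binding that names a public principal exposes data to the internet.
    for binding in iam_policy.get("bindings", []):
        exposed = PUBLIC_PRINCIPALS & set(binding.get("members", []))
        for member in sorted(exposed):
            findings.append(f"public-binding:{binding.get('role')}:{member}")

    # Data is always encrypted at rest; a default KMS key additionally puts
    # the key under the bucket owner's control.
    if not bucket.get("encryption", {}).get("defaultKmsKeyName"):
        findings.append("no-customer-managed-default-key")
    return findings

# Constructed samples: a world-readable bucket and a locked-down one.
EXPOSED_BUCKET = {"name": "example-cv-uploads", "iamConfiguration": {
    "publicAccessPrevention": "inherited",
    "uniformBucketLevelAccess": {"enabled": False}}}
EXPOSED_POLICY = {"bindings": [
    {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    {"role": "roles/storage.admin", "members": ["user:admin@example.com"]}]}
HARDENED_BUCKET = {"name": "example-cv-private", "iamConfiguration": {
    "publicAccessPrevention": "enforced",
    "uniformBucketLevelAccess": {"enabled": True}},
    "encryption": {"defaultKmsKeyName": "projects/p/locations/l/keyRings/r/cryptoKeys/k"}}
HARDENED_POLICY = {"bindings": [
    {"role": "roles/storage.objectViewer",
     "members": ["serviceAccount:cv-reader@example-project.iam.gserviceaccount.com"]}]}

if __name__ == "__main__":
    print(audit_bucket(EXPOSED_BUCKET, EXPOSED_POLICY))
```
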
- Leak discovered: November 12th, 2024
- Initial disclosure: November 28th, 2024
- CERT contacted: February 3rd, 2025