Hiring platform serves users raw with 5.4 million CVs exposed


Foh&Boh, a US hiring platform used by KFC, Taco Bell, Hyatt Grand, and others, has exposed millions of applicants’ resumes, revealing all they wanted to share with potential employers.

Job seekers’ burdens never ease, the latest research from the Cybernews research team suggests. Foh&Boh, a US-focused hiring and onboarding platform for restaurants, hotels, and retailers, accidentally exposed millions of candidates’ CVs and resumes.

According to Foh&Boh’s website, the platform's users include such industry behemoths as Taco Bell, KFC, Omni Hotels & Resorts, Nordstrom, and many others. After multiple attempts to reach the company, the exposed dataset was closed and is no longer publicly accessible.


We have reached out to Foh&Boh for comment, and will update the article once we receive a reply.

By jurgita, Ernestas Naprys, Paulina Okunyte, Gintaras Radauskas

The data was stored on an exposed AWS bucket with a whopping 5.4 million files. The vast majority of exposed records are CVs and resumes that job seekers have submitted. This means that if malicious actors have been able to access the exposed dataset, they have obtained any details applicants would share with a potential employer.

The team claims that leaked details include:

  • Full names
  • Phone numbers
  • Email addresses
  • Dates of birth
  • Nationalities
  • Places of birth
  • Social media links
  • Employment history
  • Education background

“The leak significantly heightens the risk of identity theft, enabling cybercriminals to create synthetic identities or fraudulent accounts, leaving individuals exposed to a range of sophisticated cyberattacks,” the researchers said.

Sample of the leaked data. Image by Cybernews.

How can the Foh&Boh leak affect users?


Since resumes contain virtually a full set of details about individuals, attackers can utilize the information for identity theft. At least in theory, this could enable cybercrooks to open fake bank accounts and apply for credit under candidates’ names.

Another vector that attackers may focus on is targeted phishing campaigns. For example, attackers could impersonate past employers to lure job seekers into revealing sensitive financial information or installing malware.

“Attackers could craft highly personalized emails referencing specific job details or interests from the resumes, making their phishing attempts ever more convincing. This targeted approach could deceive candidates more easily, exposing them to further risks,” the team said.

As no low is too deep for attackers, they could also prey on people in difficult financial situations, luring them into “get rich fast” and similar scams.

“Similar tactics may be used to spread malware, steal additional confidential information, or damage reputations. Overall, this breach creates multiple risks for exposed individuals,” the team said.

To avoid accidentally exposing millions of records, the team advises businesses to change the bucket’s access controls to restrict public access. Additionally, admins should update permissions to ensure that only authorized users or services have the access they need.

It’s also necessary to retrospectively review access logs to find out whether the bucket has been accessed by unauthorized actors.

Other mitigation measures include:

  • Enabling server-side encryption to protect data
  • Utilizing AWS Key Management Service (KMS) to manage encryption keys
  • Implementing SSL/TLS for data in transit to ensure secure communication
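
As an added example (not Cybernews’ or Foh&Boh’s code), the following Python checks one bucket’s configuration offline against the recommendations above: public access blocked, no wildcard-principal Allow in the bucket policy, TLS-only access enforced, and KMS-backed default encryption. The three inputs are assumed to have the shape that boto3’s get_public_access_block, get_bucket_policy and get_bucket_encryption return; the sample configurations, role ARN and key alias are constructed for illustration.

```python
import json
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def audit_bucket(public_access_block, policy_json, encryption_config):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # 1. Public Access Block: all four flags should be on, so no ACL or policy can open the bucket.
    pab = public_access_block.get("PublicAccessBlockConfiguration", {})
    findings += [f"public access block: {flag} is not enabled" for flag in PAB_FLAGS if not pab.get(flag)]
    # 2. Bucket policy: no Allow for an anonymous principal, and a Deny for plaintext (non-TLS) requests.
    statements = json.loads(policy_json).get("Statement", []) if policy_json else []
    tls_enforced = False
    for stmt in statements:
        principal = stmt.get("Principal")
        anonymous = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        if stmt.get("Effect") == "Allow" and anonymous:
            findings.append(f"bucket policy: statement {stmt.get('Sid', '?')} allows anonymous principal")
        cond = stmt.get("Condition", {}).get("Bool", {})
        if stmt.get("Effect") == "Deny" and str(cond.get("aws:SecureTransport", "")).lower() == "false":
            tls_enforced = True
    if not tls_enforced:
        findings.append("bucket policy: no Deny on aws:SecureTransport=false, plaintext HTTP is allowed")
    # 3. Default encryption: SSE with a KMS-managed key rather than none or plain SSE-S3.
    rules = encryption_config.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    default = rules[0].get("ApplyServerSideEncryptionByDefault", {}) if rules else {}
    if default.get("SSEAlgorithm") != "aws:kms":
        findings.append(f"encryption: default SSE is {default.get('SSEAlgorithm', 'none')}, not aws:kms")
    return findings

# Constructed sample of an open bucket (hypothetical; not Foh&Boh's real settings).
EXPOSED_PAB = {"PublicAccessBlockConfiguration": {f: False for f in PAB_FLAGS}}
EXPOSED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{"Sid": "PublicRead", "Effect": "Allow",
    "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-resumes/*"}]})
EXPOSED_ENCRYPTION = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}

# Constructed sample of the same bucket after the mitigations (hypothetical role ARN and key alias).
HARDENED_PAB = {"PublicAccessBlockConfiguration": {f: True for f in PAB_FLAGS}}
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowHiringService", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/hiring-app"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-resumes/*"},
    {"Sid": "DenyPlaintext", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-resumes", "arn:aws:s3:::example-resumes/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})
HARDENED_ENCRYPTION = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "alias/resume-storage"}}]}}

if __name__ == "__main__":
    print("exposed:", audit_bucket(EXPOSED_PAB, EXPOSED_POLICY, EXPOSED_ENCRYPTION))
    print("hardened:", audit_bucket(HARDENED_PAB, HARDENED_POLICY, HARDENED_ENCRYPTION) or ["all checks passed"])
```

Against a live account the same function can be fed the responses of the three boto3 calls named above, one bucket at a time.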

Timeline of the leak:

  • Leak discovered: September 16th, 2024
  • Initial disclosure: October 22nd, 2024
  • Leak closed: January 8th, 2025