5.1M private files of job seekers just got exposed. Here’s what we know

A job search platform exposed over 5 million resumes, putting millions of job seekers at risk of identity theft and targeted scams.

Researchers at Cybernews have stumbled upon a major data security mishap affecting job seekers worldwide. An unprotected Microsoft Azure storage container has spilled over 5.1 million files, mostly resumes and CVs, for anyone to find on the internet.

A misconfigured cloud setup is linked to LiveCareer, a job search and resume-building platform used by millions globally. Founded in 2004, the platform offers resume templates, cover letter builders, and job search tools.

More than 10 million users have relied on its services, spanning across 180 countries. Now, at least half that user base could be potentially affected by the data leak.

What data did LiveCareer leak?

• Full names
• Phone numbers
• Email addresses
• Home addresses
• Full professional histories

Almost a decade’s worth of data leaked

The exposed documents, dated between 2016 and 2025, are a goldmine of personally identifiable information (PII), all laid bare for exploitation. Nine years’ worth of resumes suggest that some of the private information has been exposed for an extended period of time without users ever knowing.

The scale and detail of this leak put the victims at risk of identity theft, fraud, and targeted harassment. At the core of most resumes is an alarming amount of PII. This type of data is often used by identity thieves to create fake personalities and commit fraud.

With phone numbers and email addresses exposed, victims are prime targets for phishing, vishing, and smishing attacks. And with detailed personal information in hand, attackers can craft highly targeted and convincing phishing campaigns to extract financial data.

For example, threat actors can pose as recruiters or employers offering fake jobs. Victims might receive realistic requests for background checks or “training fees,” while fake job portals can trick victims into uploading even more sensitive information, including ID scans or bank details.

Cybernews has contacted the company multiple times. An official comment has not been provided at the time of publishing.

Job seekers are not safe

Cloud storage leaks are still a plague in 2025. Misconfigured Azure, AWS, and Google Cloud storage instances have become one of the most common and embarrassing ways that sensitive data ends up in the wild.

This is not the first instance when job seekers' private data has been spilled online. Previous research by Cybernews revealed that HireClick, a recruitment platform for small to mid-sized businesses, leaked 5.7M files with applicants’ resumes.

Foh&Boh, a US hiring platform used by KFC, Taco Bell, and Hyatt Grand, also exposed millions of applicants’ resumes, revealing all they wanted to share with potential employers.

Another study uncovered that Take Valley News Live, a North Dakota-based television station, exposed sensitive job seekers' data to anyone on the internet.

Just at the beginning of May, one of the largest employment platforms in Europe, beWanted, exposed a trove of sensitive details, revealing job seekers’ personal information, ranging from names to national ID numbers.

Last year, a Singapore-based remote hiring platform, Snaphunt, leaked over two hundred thousand CVs of job candidates dating from 2018 to 2023.

Disclosure timeline:

Leak discovered: March 10th, 2025

Initial disclosure: March 12th, 2025

CERT contacted: March 19th, 2025