The Loop is dead, but your personal data isn’t. Over two million files packed with personal data are still sitting online, waiting to ruin someone's day.
- Australia's former hottest platform for creative jobs, founded by MTV executives, shut down in 2024, exposing sensitive user data.
- 2.1 million files leaked from The Loop’s misconfigured Google Cloud bucket, including resumes with full names, addresses, phone numbers, emails, and career histories.
- Using this data, scammers can craft hyper-targeted phishing, vishing, and smishing attacks, putting users at risk.
- No one has responded yet to secure the data.
It turns out that when a company dies, your data doesn’t. The Loop, once hailed as Australia’s hottest networking platform for creatives – backed by the likes of MTV, VICE, and the BBC – may have vanished from the internet in 2024, but its users are still out there bleeding data.
In February 2025, Cybernews security researchers stumbled on something that should’ve never seen daylight: a misconfigured Google Cloud bucket holding 2.1 million files, wide open to anyone on the internet.
The leaked files were highly sensitive, such as raw resumes, complete with full names, home addresses, phone numbers, emails, and detailed career and education histories.
Basically, everything a scammer needs to pretend to be you or sell you a fake job while stealing your bank info.
What Loop data was leaked?
- Resumes with educational and professional background
- Full names
- Home addresses
- Email addresses
- Phone numbers
Founded by former MTV executives Pip Jamieson and Matt Fayle, the Loop claimed to have 100,000 artists onboard, who they connect with 16,000 businesses.
Cybernews has tried to reach out to the company and CERT but received no response.
What could go wrong with the Loop’s leak? Literally everything
A data leak like this, with fully stacked personal profiles, opens up a buffet of bad outcomes – especially when the people affected are creatives and freelancers who rely on their online presence and trust to land work.
With detailed resumes, scammers can craft insanely personalized phishing emails that look legit. Imagine getting an email that references your real job title, past clients, and even the tools you use – all pulled from your own CV. Now, throw in a fake job offer, a contract to sign, or a request to “verify your identity” with a copy of your passport.
When scammers have your phone number and background, voice scams (vishing) and text scams (smishing) get super convincing. Imagine getting a call from someone claiming to be from a creative agency you've actually applied to, asking for “final confirmation” of your banking info.
With your name, address, birthday, email, phone number, and job history, a fraudster can pretend to be you to your clients or employers and issue them fake invoices.
This may seem like a barely plausible scenario to some. So, let’s remember the most audacious cyber scam of all time: when a Lithuanian man hustled Facebook and Google into wiring him over $100 million.
Two of the world’s biggest tech giants fell for fake PDF invoices sent over an email. Over two years, Facebook and Google just kept paying up, no questions asked. Imagine how much easier it is for small businesses to fall for the trick.
Disclosure timeline:
Discovered: February 20th, 2025
Initial disclosure: February 24th, 2025
CERT contacted: February 24th, 2025
Your email address will not be published. Required fields are markedmarked