ADVERTISEMENT

Recruiting software maker exposes nearly 26M resumes

TalentHook, a cloud-based applicant tracking system, left a misconfigured instance open. It spilled tens of millions of job seekers’ CVs, full of personal details ranging from full names to home addresses.

TalentHook leaks millions of resumes

Image by Cybernews.

Vilius Petkauskas
Vilius Petkauskas Deputy Editor
Jul 3, 2025 Updated: 7 July 2025 2 min read
Stefanie Marcus Walsh Niamh Ancell chrissw
Get our latest stories today on Google News
Add us as your Preferred Source on Google.

What job seekers’ data was exposed?

ADVERTISEMENT
  • Full names
  • Email addresses
  • Phone numbers
  • Education
  • Professional details
  • Employment history
TalentHook leaked data sample
Image by Cybernews.
  • Change the access controls to restrict public access and secure the container.
  • Update permissions to ensure that only authorized users or services have the necessary access.
  • Retrospectively monitor access logs to assess whether the bucket has been accessed by unauthorized actors.
  • Enable server-side encryption to protect data at rest.
  • Use Microsoft Azure Key Vault for managing encryption keys securely.
  • Consider implementing security best practices, including regular audits, automated security checks, and employee training.

  • Leak discovered: January 7th, 2025
  • Initial disclosure: April 2nd, 2025
  • CISA contacted: April 9th, 2025
  • CERT contacted: May 13th, 2025
ADVERTISEMENT