This post is also available in:
עברית (Hebrew)
A significant data breach has been uncovered involving HireClick, a recruitment platform catering to small and mid-sized businesses. The leak, which was first detected on February 27, 2025, by Cybernews, exposed over 5.7 million files, primarily resumes, due to a misconfigured Amazon AWS S3 storage bucket. These files contained highly sensitive personal data from job seekers, leaving them vulnerable to a wide range of cybercriminal activities.
Among the compromised information were full names, home addresses, email addresses, phone numbers, and employment history, according to Cybernews. This breach presents a severe risk to those whose data was exposed, as scammers can use this trove of personal details to carry out phishing attacks and even identity theft.
The nature of the leak allows fraudsters to impersonate recruiters or hiring managers, tricking job seekers into sharing additional sensitive information such as ID scans, Social Security numbers, or banking details. In some cases, attackers may use the leaked phone numbers to call victims, posing as HR representatives and coercing them into installing malware or divulging financial data.
This type of breach could also facilitate more malicious activities, including doxxing, where attackers expose personal information. With names, email addresses, phone numbers, and home addresses now available to cybercriminals, the potential for targeted harassment has escalated.
The full scope of the leak, including how long the data was publicly accessible, remains unclear.
This breach adds to a growing list of incidents in which recruitment platforms have unintentionally exposed job seekers’ private data. As the frequency of data breaches continues to rise, it’s clear that recruitment platforms must implement stronger security measures to protect job seekers’ sensitive information. The HireClick incident highlights the urgent need for tighter data access controls and more rigorous monitoring of storage systems. Until these issues are addressed, individuals sharing personal details on hiring platforms will remain vulnerable to increasingly sophisticated scams and identity theft..
