A job search platform exposed over 5 million resumes, putting millions of job seekers at risk of identity theft, targeted scams and fraud. The leak, discovered by cyber security researchers at Cybernews, comes from a misconfigured Microsoft Azure storage container that is accessible on the Internet.
The unsecured cloud bucket contained more than 5.1 million files, predominantly resumes and CVs, dating from 2016 to 2025.
The breach is linked to LiveCareer, a platform founded in 2004 that provides digital tools for job seekers including resume templates, cover letter generators, and job listings. The service helps over 10 million users across 180 countries. Based on the scale of the leak, researchers estimate that nearly half of the platform’s users may have had their data compromised.
The documents included a wealth of personally identifiable information (PII) such as full names, phone numbers, email addresses, home addresses, and complete employment histories. With this level of detail, experts warn that affected individuals face a heightened risk of targeted phishing schemes, financial fraud, and impersonation.
Despite multiple attempts by Cybernews to reach LiveCareer, the company has not issued a public statement regarding the breach as of publication.
This is not the first instance when job seekers' private data has been exposed online. Security experts emphasise that cloud storage misconfigurations remain a persistent problem in 2025. Improperly secured Azure, AWS, and Google Cloud instances continue to expose sensitive data across industries.
In this case, the LiveCareer exposure appears to have gone unnoticed for years, with some of the leaked documents possibly accessible since 2016.
The problems with this extends beyond basic privacy concerns. With emails and phone numbers exposed, attackers can launch sophisticated phishing, vishing or voice phishing, and smishing (SMS phishing) attacks.
By impersonating employers or recruiters, cyber criminals can lure victims into sharing even more sensitive information, including identification documents and financial details. Fraudulent job offers, or requests for training fees, are common tactics used to exploit such data.
Previous research by Cybernews revealed that HireClick, a recruitment platform for small to mid-sized businesses, leaked 5.7M files with applicants’ resumes. Foh&Boh, a US hiring platform used by KFC, Taco Bell, and Hyatt Grand, also exposed millions of applicants’ resumes, revealing all they wanted to share with potential employers.
In May 2025 one of the largest employment platforms in Europe, beWanted, exposed a trove of sensitive details, revealing job seekers’ personal information, ranging from names to national ID numbers. In 2024, a Singapore-based remote hiring platform, Snaphunt, leaked over two hundred thousand CVs of job candidates dating from 2018 to 2023.
Cybernews | Cybernews | TEISS | SCWorld | Security Review | Security Review
Image: Anna Shvets
You Might Also Read:
On Trend With Zero-Trust Architecture & Multi-Cloud Environments:
If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible
Directory of Suppliers
RELIANOID
RELIANOID provides advanced Application Delivery and integrated security solutions to protect and optimize critical digital services.
IT Governance
IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.
CYRIN
CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.
Alvacomm
Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.
TÜV SÜD Academy UK
TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.
Code Decode Labs
Code Decode Labs provides consulting for IT Technology, Cyber Security, Advanced Defense & Policing Technologies, Intelligent Networks, and Information Security.
Interpol
Interpol is the world’s largest international police organization. It is committed to the global fight against cybercrime, as well as tackling cyber-enabled crimes.
Bugcrowd
As leaders in crowdsourced security testing, Bugcrowd connects companies and their applications to a crowd of tens of thousands of security researchers to identify critical software vulnerabilities.
The Data Privacy Group
The Data Privacy Group provide expert professional services underpinned by world leading automation tools and a consulting team specialized in privacy and data protection.
Conviso
Conviso is a consulting company specialized in Application Security and Security Research.
Griffeshield
Griffeshield is a company specialised in new information technologies used to protect Intellectual Property.
TAC Security (TAC Infosec)
TAC Security (aka TAC Infosec) is a leading and trusted cyber security consulting partner that specializes in securing the IT infrastructure and assets of enterprises.
Brighterion
Brighterion solutions stop payment and acquirer fraud, reduce credit risk and delinquency, fight financial crime, prevent healthcare fraud, waste and abuse, and more.
Krypsis
Krypsys is an information security company with a focus on helping you defend your information and data against emerging security threats.
PricewaterhouseCoopers (PwC)
PricewaterhouseCoopers is a multinational professional services network of firms headquartered in London, United Kingdom and operating in 157 countries.
Netlinkz
Netlinkz has developed the Virtual Secure Network (VSN) overlay technology platform, a breakthrough in connectivity security, speed, and simplicity.
Tenable
Organizations around the world rely on Tenable to help them understand and reduce cybersecurity risk across their attack surface—in the cloud or on-premises, from IT to OT and beyond.
ThreatFabric
ThreatFabric integrates industry-leading threat intel, behavioral analytics, advanced device fingerprinting and over 10.000 adaptive fraud indicators.
BlackSwan Technologies
BlackSwan Technologies is reinventing enterprise software through Agile Intelligence for the Enterprise – a fusion of data, artificial intelligence, and cloud technologies.
CYNC Secure
CYNC boosts cybersecurity remediation by consolidating fragmented data and optimizing operational processes.