Major Data Breach Exposes Five Million Jobseekers

5 min read Original article ↗

A job search platform exposed over 5 million resumes, putting millions of job seekers at risk of identity theft, targeted scams and fraud. The leak, discovered by cyber security researchers at Cybernews, comes from a misconfigured Microsoft Azure storage container that is accessible on the Internet.

The unsecured cloud bucket contained more than 5.1 million files, predominantly resumes and CVs, dating from 2016 to 2025. 

The breach is linked to LiveCareer, a platform founded in 2004 that provides digital tools for job seekers including resume templates, cover letter generators, and job listings.  The service helps over 10 million users across 180 countries. Based on the scale of the leak, researchers estimate that nearly half of the platform’s users may have had their data compromised.

The documents included a wealth of personally identifiable information (PII) such as full names, phone numbers, email addresses, home addresses, and complete employment histories.  With this level of detail, experts warn that affected individuals face a heightened risk of targeted phishing schemes, financial fraud, and impersonation.

Despite multiple attempts by Cybernews to reach LiveCareer, the company has not issued a public statement regarding the breach as of publication.

This is not the first instance when job seekers' private data has been exposed online. Security experts emphasise that cloud storage misconfigurations remain a persistent problem in 2025. Improperly secured Azure, AWS, and Google Cloud instances continue to expose sensitive data across industries. 

In this case, the LiveCareer exposure appears to have gone unnoticed for years, with some of the leaked documents possibly accessible since 2016.

The problems with this extends beyond basic privacy concerns. With emails and phone numbers exposed, attackers can launch sophisticated phishing, vishing or voice phishing, and smishing (SMS phishing) attacks. 

By impersonating employers or recruiters, cyber criminals can lure victims into sharing even more sensitive information, including identification documents and financial details. Fraudulent job offers, or requests for training fees, are common tactics used to exploit such data.

Previous research by Cybernews revealed that HireClick, a recruitment platform for small to mid-sized businesses, leaked 5.7M files with applicants’ resumes.  Foh&Boh, a US hiring platform used by KFC, Taco Bell, and Hyatt Grand, also exposed millions of applicants’ resumes, revealing all they wanted to share with potential employers.

In May 2025 one of the largest employment platforms in Europe, beWanted, exposed a trove of sensitive details, revealing job seekers’ personal information, ranging from names to national ID numbers. In 2024, a Singapore-based remote hiring platform, Snaphunt, leaked over two hundred thousand CVs of job candidates dating from 2018 to 2023.

Cybernews  |   Cybernews  |   TEISS  |  SCWorld  |    Security Review  |   Security Review 

Image: Anna Shvets

You Might Also Read: 

On Trend With Zero-Trust Architecture & Multi-Cloud Environments:


If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

RELIANOID

RELIANOID

RELIANOID provides advanced Application Delivery and integrated security solutions to protect and optimize critical digital services.

4Secure

4Secure

For over two decades, 4Secure has specialised in cyber security consultancy, safeguarding the worlds critical Infrastructure through securely bridging air gapped networks.

Swivel Secure

Swivel Secure

Swivel Secure is an award winning provider of multi-factor authentication solutions.

REVI-IT

REVI-IT

REVI-IT is a Danish state-owned audit firm focusing on enterprise IT business processes and compliance,

Software Engineering Institute (SEI)

Software Engineering Institute (SEI)

At the CERT Division of SEI we study and solve cybersecurity problems, research security vulnerabilities in software, and develop information and training to help improve cybersecurity.

Convercent

Convercent

We offer comprehensive and integrated compliance management, reporting, and analytics. A 360-degree view of compliance drives efficiency by aligning initiatives and data into a single dashboard.

Torsion Information Security

Torsion Information Security

Torsion is an innovative information security and compliance engine, which runs either in the cloud or your data centre.

Wizlynx PTE LTD

Wizlynx PTE LTD

Wizlynx PTE LTD is the Singapore branch of Wizlynx Group located in Singapore, offering Information and Cyber Security Services throughout the entire Asia Pacific (APAC) region.

Cybeats Technologies

Cybeats Technologies

Cybeats delivers an integrated security platform designed to secure and protect high-valued connected devices.

Asset Guardian Solutions (AGSL)

Asset Guardian Solutions (AGSL)

Asset Guardian are dedicated to protecting the integrity of process control systems software that is used to control operations and production processes.

Tech Nation

Tech Nation

Tech Nation is the UK’s first national scaleup programme for the cyber security sector, aimed at ambitious tech companies ready for growth, at home and abroad.

RapidScale

RapidScale

RapidScale’s managed cloud solutions provide reliable, innovative, and secure services, all complete with white-glove service and full management options.

Calyptix Security

Calyptix Security

Calyptix Security helps small and medium offices secure their networks so they can raise profits, protect investments, and control technology.

Pires Investments

Pires Investments

Pires is building an investment portfolio of high-tech businesses across areas such as Artificial Intelligence, Internet of Things, Cyber Security and Augmented/Virtual Reality.

Almond

Almond

Almond is positioned as a key independent French player in audit and consulting in the fields of Cybersecurity, Cloud and Infrastructure.

BitLyft

BitLyft

BitLyft is a managed detection and response provider that is dedicated to delivering unparalleled protection from cyber attacks for organizations of all sizes.

JMARK

JMARK

JMARK provides IT solutions to organizations of all sizes. We understand the challenges that modern businesses face and can help you maintain continuity and efficiency.

Self Labs

Self Labs

Self enables instant identity verification with privacy by default. Data is never stored by an external entity, and therefore, impossible to leak.