Over 1.1 million user files leaked following huge data breach at top jobseeker platform
Unprotected beWanted database remains open, with the company yet to respond to inquiries.
- beWanted, a major European job seeker platform, kept an open Google database online
- Database contained more than 1.1 million records, mostly CVs and resumes
- Data belonged to people all over the world, and could now be at risk
A major European employment platform was reportedly leaking sensitive data from as many as a million users, researchers have claimed
Cybernews has revealed its researchers discovered an unprotected Google Cloud Storage (GCS) bucket belonging to beWanted, described as “one of the largest employment platforms in Europe”.
The bucket contained more than 1.1 million files, mostly CVs and resumes belonging to job seekers, from people all over the world, including Spain, Argentina, Guatemala, Honduras, and more.
Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.
It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.
Preferred partner (What does this mean?)View Deal
No reply
That being said, anyone that might have found the database beforehand would obtain people’s full names, phone numbers, email addresses, postal addresses, dates of birth, national ID numbers, nationalities, places of birth, social media links, employment history, and educational background.
This is more than enough information to run bespoke phishing, identity theft, or wire fraud attacks. Job openings are often the topic in phishing emails, and knowing the identities of people looking for a new position presents a unique opportunity for cybercriminals to create convincing phishing emails.
Through those, they could deliver malware, steal login credentials, break into their current employers’ IT network, and more.
Headquartered in Madrid, Spain, with offices in Mexico, Germany, and the UK, beWanted is described as a Software-as-a-Service (SaaS) enabled business, connecting job seekers with potential employers.
Cybernews’ researchers said they tried contacting beWanted and getting the company to lock the database down, but the firm never responded to any of their inquiries. As a result, “the data remains publicly accessible,” they said.
The team discovered the unprotected GCS bucket in November 2024, so it’s been sitting wide open on the internet for at least half a year now.
Anyone who knew where to look (by using specialized search engines like, for example, Shodan) could have found it already. However, without forensic analysis, it’s impossible to determine if that already happened or not.
You might also like
- iHeartRadio Jingle Ball 2024 – how to watch online from anywhere
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
