Tech linked servers containing resumes of job seekers exposes user data

A server exposed resumes of job seekers — including from recruitment site Monster was found online, TechCrunch reported.

The report says servers contained resumes of and CVs for job applicants spanning 2014 and 2017, many of which included private information like phone numbers and home addresses, but also email addresses and a person’s prior work experience.

Most of these documents revealed had users located in the United States.

It’s not known exactly how many files were exposed, but thousands of resumes were found in a single folder dated May 2017. Other files found on the exposed server included immigration documentation for work, which Monster does not collect.

The company said the server was owned by an unnamed recruitment customer, with which it no longer works. When asked , the company declined to name the recruitment customer.

“The Monster Security Team was made aware of a possible exposure and notified the recruitment company of the issue … the exposed server was secured shortly after it was reported in August,” the company said.

Although the data is no longer accessible directly from the exposed web server, hundreds of resumes and other documents can be found in results cached by search engines. But Monster did not warn users of the exposure, and only admitted user data was exposed after the security researcher alerted.

Under local data breach notification laws, companies are obliged to inform state attorneys general where large numbers of users in their states are affected. Although Monster is not duty bound to disclose the exposure to regulators, but some companies proactively warn their users even when third parties are involved.

Source : Various