data thieves target millions of job seekers

Hello folks,

This article, the last I need to deal with from today’s newsletter finally got read. 2 million job seekers targeted by data thieves | Malwarebytes is its title and I’m confused about something within it.

The paragraph I’m questioning says:

The stolen data is hard to quantify given the amount of sources, but it may include names, phone numbers, emails, and dates of birth, as well as information about job seekers’ experience, employment history, and other sensitive personal data.

I know from my experience of job seeking and a resume class I took multiple times while at a program, the instructor clearly stated that you should not put your full address, just your city and state. A phone number and Email is OK.

A resume is mainly to be a highlight of your experience, of course, the more you have the better. Although it was also learned to quantify things if you could.

So going back to the above paragraph, why are people putting dates of birth in their resume? Is this on top of whether the site in question asks for such info? I’m confused on this.

The actors who did this used an SQL injection, probably meaning that the software was patched from this and they didn’t update it. (They meaning the company)

Stop me if you’ve seen a similar sentence as the following.

The stolen data were put up for sale on Chinese-speaking Telegram channels. This and other indicators make it very likely that the group is of Chinese origin.

While it isn’t U.S. based at this time, we should be on the lookout. Besides SQL injections, we need to know they used cross site scripting as well to get at the data.

The researchers coined the group as resume looters.

Have fun with this one!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.