A major data exposure has come to light after cybersecurity experts discovered an unsecured online storage system containing nearly 26 million documents, many of which appear to be resumes of job seekers in the United States.
The exposed files were found in a cloud-based storage system, commonly used to save and share digital files. According to the research team, this storage space had not been properly secured, meaning anyone who knew where to look could access its contents without needing a password or any special permissions.
On further examination, it was revealed that the majority of the documents stored in the system were personal resumes and CVs. These files included sensitive personal details like full names, phone numbers, email addresses, education history, previous work experience, and other professional information. In the wrong hands, such detailed personal data can become a serious security risk.
Experts warn that job seekers are particularly vulnerable in situations like this. If cybercriminals gain access to such data, they can use it to send highly personalized scam messages. These messages may appear trustworthy, as they can be tailored using real employment history or job interests, making it easier to trick someone into clicking a malicious link or sharing their login information.
One common tactic includes sending fake job offers or interview invitations that secretly install harmful software on a person’s device. Some advanced scams may even go as far as conducting fake job interviews before sending victims "sample tasks" that involve downloading malware.
The database in question was linked to a platform used by employers and hiring teams to manage job applications and connect with candidates. However, the researchers who found the issue say they did not receive any confirmation that access to the exposed files has been blocked. While the team reached out to suggest tightening security settings, it’s unclear whether any action was taken.
There is no current proof that the data has been used by cybercriminals yet, but experts note that the longer the files remain unprotected, the higher the risk of misuse. Even if no signs of abuse have appeared so far, the availability of such information online creates an ongoing threat.
This situation serves as a reminder for companies handling sensitive data to prioritize cybersecurity. Properly configuring cloud storage, regularly updating access settings, and limiting who can view certain files are essential steps in preventing such exposures. It’s not just about protecting a system, it’s about safeguarding real people’s identities and futures.
