Data Breach Alert: 'ResumeLooters' Hack 65 Legitimate Job Sites, Stealing Personal Info of 2 Million Users

Stolen personal info from online resumes was sold.

In a recent cybersecurity breach, the threat group ResumeLooters successfully infiltrated 65 legitimate job listing and retail sites, compromising the personal data of more than two million job seekers.

Employing advanced techniques, the group utilized SQL injection and cross-site scripting (XSS) attacks to carry out their malicious activities. ResumeLooters primarily focused on the Asia-Pacific (APAC) region, targeting sites in Australia, Taiwan, China, Thailand, India, and Vietnam. The stolen information encompassed job seekers' names, email addresses, phone numbers, employment history, education details, and other pertinent data, according to a report from Bleeping Computer.

According to cybersecurity firm Group-IB, a diligent monitor of ResumeLooters, the group attempted to monetize their breach by selling the stolen data through Telegram channels in November 2023.

In this photo illustration a young man types on an illuminated computer keyboard typically favored by computer coders on January 25, 2021 in Berlin, Germany. Sean Gallup/Getty Images

How These Hackers Steal Data

The cybercriminals deployed SQL injection and XSS as their primary methods to breach targeted sites, specifically those related to job-seeking and retail. During their penetration testing phase, ResumeLooters utilized open-source tools, including SQLmap, Acunetix, Beef Framework, X-Ray, Metasploit, ARL (Asset Reconnaissance Lighthouse), and Dirsearch. These tools facilitated the detection and exploitation of vulnerabilities, enabling the takeover of database servers and the assessment of security postures.

After identifying and exploiting security weaknesses, ResumeLooters injected malicious scripts into various locations within a website's HTML. These injections were strategically placed either to trigger the script or merely to display it within form elements or anchor tags.

When appropriately executed, the injected remote script initiated phishing forms designed to capture visitors' information. Group-IB also noted instances where the attackers employed custom techniques, such as creating fake employer profiles and posting counterfeit CV documents that contained XSS scripts.
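The two weaknesses described above, unparameterised database queries and profile fields rendered straight into HTML, are easiest to see side by side. The following is an added illustration, not code from the article or from Group-IB; it assumes a hypothetical job board storing candidate profiles in an in-memory SQLite table and shows a vulnerable renderer next to a hardened one that escapes every field and only emits http(s) links in anchor tags.

```python
import html
import sqlite3

# Constructed sample schema for a job board's candidate profiles (hypothetical).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE candidates (id INTEGER PRIMARY KEY, name TEXT, headline TEXT, website TEXT)"
    )
    return conn

def store_profile(conn: sqlite3.Connection, name: str, headline: str, website: str) -> int:
    # Parameterised query: the values are bound, never spliced into the SQL text,
    # so a crafted CV field cannot change the statement (blocks SQL injection).
    cur = conn.execute(
        "INSERT INTO candidates (name, headline, website) VALUES (?, ?, ?)",
        (name, headline, website),
    )
    return cur.lastrowid

def fetch_profile(conn: sqlite3.Connection, pid: int):
    return conn.execute(
        "SELECT name, headline, website FROM candidates WHERE id = ?", (pid,)
    ).fetchone()

def render_profile_unsafe(row) -> str:
    # Vulnerable pattern: raw interpolation, so a script planted in a fake CV
    # is served to every visitor who views the profile (stored XSS).
    name, headline, website = row
    return f'<h2>{name}</h2><p>{headline}</p><a href="{website}">site</a>'

def safe_href(url: str) -> str:
    # Anchor tags only get http(s) URLs; any other scheme is replaced with "#".
    if url.strip().lower().startswith(("http://", "https://")):
        return html.escape(url, quote=True)
    return "#"

def render_profile_safe(row) -> str:
    # Hardened: every user-controlled field is HTML-escaped on output and the
    # link target is validated, so markup in the data is displayed, not executed.
    name, headline, website = row
    return (
        f"<h2>{html.escape(name)}</h2><p>{html.escape(headline)}</p>"
        f'<a href="{safe_href(website)}">site</a>'
    )
```

Output encoding at render time is the control that matters here; filtering on input alone misses data that reaches the page through other routes, such as an uploaded CV.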

In a surprising turn of events, an operational security (opsec) lapse by the attackers allowed Group-IB to infiltrate the database hosting the stolen data. This revelation exposed that the attackers had gained administrator access to some of the compromised sites.

ResumeLooters, driven by financial motives, attempted to sell the stolen data to other cybercriminals using at least two Telegram accounts with Chinese names: "渗透数据中心" (Penetration Data Center) and "万国数据阿力" (World Data Ali).

While Group-IB could not confirm the attackers' origin, selling data in Chinese-speaking groups and using Chinese-developed tools like X-Ray imply a Chinese link. This event emphasizes the necessity for cybersecurity awareness and safeguards due to cyber threats' growing complexity and worldwide reach.

Enhance Cybersecurity Measures

Cybersecurity experts recommend keeping software up to date to avoid data breaches in personal and business settings. Implementing network and data encryption is another vital step in building robust defenses against data breaches. According to Money, this process transforms data into a format that is unreadable without the appropriate encryption key, making it challenging for hackers to comprehend, even in a breach.

Choosing internet browsers with robust security features is essential, as they serve as gateways for accessing online services. Commonly used browsers like Google Chrome, Apple Safari, Microsoft Edge, and Mozilla Firefox should be selected for their security features.

To further enhance security without altering browsing habits significantly, users can focus on managing cookies. Clearing out cookie caches and browser histories is crucial to prevent ad networks from collecting excessive user information, per ZDNET.

Additionally, configuring preferences to prevent websites from storing cookies altogether can contribute to a more secure online experience.


ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.