Over 2M jobseekers’ data compromised in SQL injection, XSS attacks

7 February 2024

More than 2 million jobseekers’ personal data and email addresses have been exfiltrated by the ResumeLooters threat operation following SQL injection and cross-site scripting attacks against at least 65 websites, most of which are in the retail and recruitment sectors in India, Taiwan, and Thailand, reports SecurityWeek. The U.S., Brazil, Japan, Russia, Italy, and the Philippines have also been targeted by the attack campaign, which involved the utilization of open source and penetration testing tools for SQL injections, as well as the compromise of job search websites with XSS scripts in a bid to steal not only individuals’ email addresses but also their names, birthdates, phone numbers, and work experience, according to a report from Group-IB.

Source: SC Magazine

Date:

7 February 2024

Categorie(s):

NEWS

Tag(s):

Data Security, Databases, IT, SQL, XSS

Belarus security agency allegedly subjected to hacktivist attack29 April 2024
Old Microsoft Office bug leveraged to compromise Ukraine29 April 2024
China-Linked ‘Muddling Meerkat’ Hijacks DNS to Map Internet on Global Scale29 April 2024
UK enacts IoT cybersecurity law29 April 2024
Ten years of Heartbleed: Lessons learned29 April 2024