- A credible group of actors has released an old "JobStreet.com" dump on the dark web, sharing it for free.
- The dump contains the sensitive details of 42,242 Singaporean job seekers, like their names, phone numbers, and IDs.
- Although old and possibly over-used, the dump could still contain entries that were never touched before.
The Malaysian platform "JobStreet.com" was compromised by hackers back in 2012, who stole the sensitive information of a large number of job seekers. The particular platform isn't serving only Malaysians, as it has a presence in entire Southeast Asia, linking approximately 11 million candidates with 80,000 corporate entities. The discovery of the leak came from Cyble's dark web sweepers, who actually found 42,242 user records belonging to people from Singapore. The data was confirmed to come from the eight-year-old data breach that is, however, still haunting the exposed individuals.
The database that has been given away for free now includes the following:
- Date of birth
- Email address
- Geographic location
- Government-issued ID
- Marital status
- Phone number
- Physical address
The above information is very sensitive, no matter how many years may have passed since the breach occurred. Emails, passwords, usernames, and even phone numbers may be changed or reset, but the rest of the data is hard and often impossible to replace. This means that people's full names, along with their geographic location and their national IDs, have been publicly revealed to a large number of people now.
The fact that the data is now given away for free indicates that they have no value anymore. Most likely, this dump has been sold, shared, and then re-shared with hundreds if not thousands of malicious actors these eight years. With tens of thousands of users in the dump, though, there's always a chance that there are some "virgin" entries in there.
Cyble's credential leak checking service has already incorporated the data dump, so if you can't remember whether or not you had an account on the JobStreet.com platform, go ahead and check now. Even after all these years, you may want to take some precautionary measures to protect yourself. Next time you're looking to fill a job vacancy, remember to limit the information you're sharing with the platform to as little as possible.
Finally, keep in mind that you are bound to take the splash of a new wave of phishing and scamming attempts now. That said, do not respond to these messages, do not open any documents that may come as attachments to unsolicited email messages, update your AV tools, and be very careful with incoming calls or SMS messages. Remember, crooks have your phone number now, and so you may receive text messages that contain URLs, or calls that ask you to share personal or financial information.