Hiring Platform Exposes 5.7M Resumes After Failing to Update Password
May 14, 2025 — In a serious data security lapse, a popular hiring platform has accidentally exposed over 5.7 million resume files after failing to update a key system password. The breach, discovered by independent cybersecurity researchers, highlights the ongoing risks of basic security oversight in platforms handling sensitive personal information.
The leaked files reportedly contain a wide range of personal details submitted by job seekers, including names, contact information, employment history, education background, and in some cases, government-issued identification numbers.
According to the cybersecurity firm that identified the breach, the platform had left a critical storage system accessible without proper authentication. A previously used password had been changed during a system update, but one of the storage servers still relied on the old credentials. This oversight made the system vulnerable to unauthorized access for several months.
“The data was just sitting there, unprotected. Anyone who knew where to look could have downloaded resumes by the thousands,” said a representative from the research team that discovered the flaw.
The hiring platform, whose name is being withheld pending further investigation, confirmed the breach in a statement and said it is working to notify affected users. “We take data security very seriously and have launched a full internal investigation. Access to the exposed files has been secured, and we are enhancing our protocols to prevent such incidents in the future,” the company stated.
Cybersecurity experts warn that such incidents are becoming increasingly common as companies fail to implement basic security hygiene—like regularly updating credentials and monitoring access logs.
“This is not a sophisticated hack,” said Amira Joshi, a digital privacy analyst. “This is about someone forgetting to update a password. And because of that, millions of people’s private job application data may now be floating around the dark web.”
At this time, it is unclear whether any of the exposed data has been accessed or misused by malicious actors. The company has pledged to offer free credit monitoring services to affected users and to cooperate fully with regulatory authorities.
Authorities urge anyone who has submitted a resume to online hiring platforms recently to monitor their credit reports and be cautious of phishing attempts using their personal information.
This breach underscores the critical need for regular security audits and stronger compliance practices—especially for platforms entrusted with the data of millions of job seekers around the world.
