Attack Description :
We found that a threat actor known as “wolfdata” or “shadowhacker” on the XSS Forum, attempting to sell a database allegedly belonging to Bossjob (https://bossjob.ph/), a job hiring portal based in the Philippines and operated by Etos Adtech Corporation. The exposed database may contains sensitive information of 2 million job seekers, including:
- ID: Unique identification numbers or codes assigned to each job seeker in the database.
- Full Name: The complete names of the individuals seeking job opportunities through the portal.
- Email Address: Contact email addresses provided by job seekers for communication purposes.
- Phone Number: Contact phone numbers used by job seekers to receive potential job offers or inquiries.
- Location: The specific geographical location or address details of the job seekers.
- Country: The country in which the job seekers are based or seeking employment.
The potential sale of such a database on underground forums poses significant risks to the affected job seekers. The exposed personal information can be exploited for various malicious purposes, including identity theft, phishing attacks, spamming, and even targeted scams.
Here are some crucial actions that Bossjob (https://bossjob.ph/) and the job seekers should consider:
- Company Response: Bossjob should urgently investigate the incident to verify the data breach and take immediate steps to secure their systems. They should identify the vulnerability that led to the breach and address it to prevent future incidents.
- Data Breach Notification: Bossjob should promptly notify the affected job seekers about the data breach, the specific information that was compromised, and the potential risks they might face. Transparent communication is essential to help individuals take appropriate actions to protect themselves.
- User Guidance: Bossjob should advise job seekers to be vigilant against phishing attempts, suspicious emails, and unsolicited communications, especially those related to job opportunities.
- Data Protection Measures: Companies like Bossjob must implement robust data protection measures, including encryption, access controls, and regular security audits, to safeguard the personal information of their users.
- Regulatory Compliance: Bossjob should comply with relevant data protection and privacy regulations in the Philippines and notify the appropriate authorities about the breach.
- User Security Measures: Job seekers affected by the breach should change their passwords not only on the Bossjob platform but also on any other online accounts using the same credentials. Using unique and strong passwords for each online service is essential.
- Monitoring for Suspicious Activity: Both Bossjob and the job seekers should monitor their financial accounts and online activities for any unusual or unauthorized transactions.
- Law Enforcement Involvement: The data breach should be reported to law enforcement agencies, who can help investigate the matter and potentially bring the threat actor to justice.
Take Away: Data breaches like this highlight the need for heightened cybersecurity measures and vigilance among companies and individuals alike. Safeguarding personal information is crucial to protect individuals from potential harm arising from such incidents.
Disclaimer : The information provided herein is on “as is” basis, without warranty of any kind.