Recruitment platform Pflegia exposed CVs of hundreds of thousands of candidates
Take action: Imagine looking for a new job and applying to a recruiter in what should be a confidential process, only to find your resume floating on the dark web, possibly visible not only to criminals but also to your current employer. Make sure your cloud storage is always authenticated and blocked from public access.
Pflegia, a German recruitment platform specializing in the recruitment of healthcare professionals for various medical facilities, had a security flaw that was discovered by a security team. The team found a publicly accessible Amazon Web Services (AWS) S3 object storage instance, commonly known as an "S3 bucket".
The S3 bucket contained over 360,000 files linked to Pflegia's operations. The exposed AWS bucket stored an extensive array of files with personal and sensitive information. The majority of these files were resumes voluntarily submitted by Pflegia's users, containing personal details such as full names, dates of birth, employment history, residential addresses, phone numbers, and email addresses.
The researchers reported the issue to Pflegia, and although they received no response, the exposed S3 bucket was swiftly secured, preventing unauthorized access from the public.
There is no information on whether Pflegia will report a PII data breach to the privacy regulator or whether it will inform the affected individuals.
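The advice above, that cloud storage be authenticated and blocked from public access, can be verified from a bucket's exported configuration. The following Python check is an added example, not code from Pflegia or the researchers: it takes the policy, ACL grants and Block Public Access settings in the JSON shapes returned by `aws s3api get-bucket-policy`, `get-bucket-acl` and `get-public-access-block`, and reports why a bucket is readable without authentication. The sample policy, ACL and the bucket name `example-bucket` are constructed, and only `Allow` statements with a wildcard principal and ACL group grants are evaluated.

```python
import json
from fnmatch import fnmatchcase

# ACL grantee groups that mean "anyone" or "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ_ACTIONS = ("s3:getobject", "s3:listbucket")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _anonymous(principal):
    # Principal "*" or {"AWS": "*"} matches unauthenticated callers.
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def public_read_findings(policy_json, acl_grants, block):
    """List the reasons a bucket is readable without authentication."""
    findings = []
    # RestrictPublicBuckets neutralises an existing public policy.
    if policy_json and not block.get("RestrictPublicBuckets", False):
        for st in _as_list(json.loads(policy_json).get("Statement", [])):
            if st.get("Effect") != "Allow" or not _anonymous(st.get("Principal")):
                continue
            patterns = [a.lower() for a in _as_list(st.get("Action", []))]
            if any(fnmatchcase(r, p) for r in READ_ACTIONS for p in patterns):
                note = " (has Condition, review manually)" if st.get("Condition") else ""
                findings.append(f"policy:{st.get('Sid', 'unnamed')}{note}")
    # IgnorePublicAcls neutralises existing public ACL grants.
    if not block.get("IgnorePublicAcls", False):
        for grant in acl_grants:
            uri = grant.get("Grantee", {}).get("URI")
            if uri in PUBLIC_GROUPS and grant.get("Permission") in ("READ", "FULL_CONTROL"):
                findings.append(f"acl:{uri.rsplit('/', 1)[-1]}:{grant['Permission']}")
    return findings

# Constructed sample input: a policy and an ACL that let anyone read objects.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]})
SAMPLE_ACL = [{"Grantee": {"Type": "Group",
    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]
ALL_BLOCKED = dict.fromkeys(("BlockPublicAcls", "IgnorePublicAcls",
                             "BlockPublicPolicy", "RestrictPublicBuckets"), True)

if __name__ == "__main__":
    print(public_read_findings(SAMPLE_POLICY, SAMPLE_ACL, {}))           # exposed
    print(public_read_findings(SAMPLE_POLICY, SAMPLE_ACL, ALL_BLOCKED))  # locked down
```

An empty result with all four Block Public Access settings enabled is the state the article's recommendation describes; any finding names the policy statement or ACL grant to remove.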