Researcher discovers Express Services leaking data, second breach in the year
Take action: Rant time - who the F keeps cleartext passwords! Apart from that, backup data sets are very dangerous and can become a huge problem if exposed.
Security researcher JayeLTee reports having discovered two exposed database backups, totaling approximately 5GB, containing sensitive information from the expresspersonnel.com and franchises.expresspersonnel.com domains.
These domains are related to Express Employment Professionals, also known as Express Services.
The databases, containing records spanning from 2004 to mid-2017, included:
- 2,439,744 unique plaintext passwords,
- nearly 4 million employment history records,
- 1,798,395 unique email addresses,
- 2,105,482 unique phone numbers,
- 1,705,293 unique street addresses,
- 1.5 million resumes in XML format,
- detailed employment histories including salary information,
- previous employer contact information,
- supervisor names and titles,
- security questions with answers.
The researcher reported the exposure to Express on November 18, 2024, and the company restricted access within 12 hours. It's not clear whether any malicious actors have accessed the data, and it is unlikely that the company has access logs dating back to 2017 that could determine if unauthorized parties accessed the exposed data.
The full scope and impact of these incidents remain unclear, as Express has not commented on its intentions regarding customer notification or its plans to prevent similar incidents in the future. It's not clear whether the data sets were managed directly by Express or by a third-party provider.