beWanted Data Breach Exposes Sensitive Information of 1.1 Million Users
European job platform beWanted has exposed the personal details of over 1.1 million job seekers, after security researchers discovered an unsecured Google Cloud Storage (GCS) bucket linked to the company.
The leak, first discovered on November 12, 2024, includes a trove of sensitive data such as full names, national ID numbers, phone numbers, email addresses, and other personal identifiers. Despite repeated disclosure attempts, the data remained publicly accessible for at least six months.
beWanted is headquartered in Madrid, Spain, and operates globally with offices in Germany, Mexico, and the UK. The company markets itself as “the largest Talent Pool ecosystem in the world,” offering SaaS-based recruitment tools for employers and job seekers.
What Data Was Exposed?
According to the Cybernews research team, the vast majority of the leaked files were CVs and resumes submitted by users of the platform. Each file typically included:
- Full name and surname
- Phone number
- Email address
- Date of birth
- Home address
- National ID number
- Nationality
- Place of birth
- Links to social media profiles
- Educational background
- Employment history
“This exposure creates multiple attack vectors, enabling cybercriminals to engage in identity theft, where personal information can be used to create synthetic identities or fraudulent accounts,” researchers said.
The leaked national identification numbers reportedly include citizens from Spain, Argentina, Guatemala, Honduras, and other nations, indicating the breach’s international scope.
Serious Risks of Identity Theft and Phishing
Researchers warned that the exposed data could enable multiple forms of cybercrime. These include:
- Identity theft through the use of leaked national IDs and contact information
- Synthetic identity fraud, using real personal data to build fake digital personas
- Phishing attacks tailored using authentic personal information
- Social engineering, by impersonating recruiters or infiltrating professional networks
“The leak increases the potential for social engineering attacks, as attackers can impersonate fake recruitment agencies or leverage the leaked data to infiltrate professional networks,” the team added.
Timeline of the Incident
- Leak discovered: November 12, 2024
- Initial disclosure to company: November 28, 2024
- National CERT contacted: February 3, 2025
- Data status (as of reporting): Still publicly accessible
The researchers confirmed that despite multiple attempts to notify beWanted, the exposed data had not been secured at the time of publication.
Recommended Security Measures
To reduce risk and prevent similar exposures, the team outlined the following mitigation steps for cloud storage security:
- Restrict Public Access: Remove all public permissions and enable Public Access Prevention.
- Implement Access Controls: Apply least privilege principles and assign permissions only to authorized users.
- Monitor Access Activity: Enable audit logs and set up alerts for suspicious activity.
- Enable Data Encryption: Use server-side encryption and manage keys securely with Google Cloud KMS.
- Enforce Secure Transmission: Mandate SSL/TLS for all file transfers.
- Conduct Regular Audits: Review cloud settings using tools like Google Cloud Security Command Center.
As of now, beWanted has not issued an official response regarding the breach.
