A threat group named 'ResumeLooters' has stolen the personal data of over two million job seekers after compromising 65 legitimate job listing and retail sites using SQL injection and cross-site scripting (XSS) attacks.
The attackers mainly focus on the APAC region, targeting sites in Australia, Taiwan, China, Thailand, India, and Vietnam to steal job seeker's names, email addresses, phone numbers, employment history, education, and other relevant information.
According to Group-IB, which has been following the threat group since its beginning, in November 2023, ResumeLooters attempted to sell the stolen data through Telegram channels. Read More..