AI-focused recruitment platform exposes half a million job seekers

Xobin left a database exposed online for at least 3 months

News By Benedict Collins published 15 November 2024

• Xobin left a database publicly exposed online for at least three months
• The database was filled with the PII of over 500,000 job applicants
• Identification documents and passports were included in the files

Days after a database containing the personally identifiable information (PII) of millions of jobseekers was uncovered, another half million may have been exposed by a different company.

The unprotected files were found by Cybernews researchers, and contain the PII of over 500,000 job applicants, including resumes, scans of passports, and copies of identification documents.

The files were left exposed by AI-powered HR tech company Xobin, and despite numerous alerts to the public database, remained open and accessible for almost three months.

Xobin responsible for some big names

The researchers say Xobin counts Toyota, Ericsson, the University of Toronto, and Domino’s as some of its clients, among many other companies and organizations.

It isn’t known how long the database was left exposed before discovery, but Cybernews first discovered the database on August 5 and issued an immediate alert, with the database only being taken down on November 4.

The files were stored in a misconfigured Google Cloud Storage bucket. In total, 18,000 CSV and XLSX files were uncovered which included the job applications of 523,074 people, with each application including full names, phone numbers, and email addresses.

Moreover, 3,129 copies of passports and IDs with Permanent Account Numbers - the Indian equivalent of US social security numbers.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors