lot of resumes

2 million job seekers targeted by data thieves

A cybercriminal group known as ResumeLooters has infiltrated 65 job listing and retail websites, compromising the personal data of over two million job seekers.

The group used SQL injection and cross-site scripting (XSS) attacks—both common techniques— to extract the sensitive information from the websites.

The attacks primarily focused on the Asia-Pacific (APAC) region, targeting sites in Australia, Taiwan, China, Thailand, India, and Vietnam. However, other compromised companies were located in other regions, including Brazil, Italy, Mexico, Russia, Turkey, and the US.

Researchers first detected the activity of the group in November 2023, and tracked the massive malicious campaign targeting employment agencies and retail companies. Due to the criminals’ focus on job search platforms and the theft of resumes, the researchers dubbed the group ResumeLooters.

The stolen data is hard to quantify given the amount of sources, but it may include names, phone numbers, emails, and dates of birth, as well as information about job seekers’ experience, employment history, and other sensitive personal data.

The stolen data were put up for sale on Chinese-speaking Telegram channels. This and other indicators make it very likely that the group is of Chinese origin.

If you want to find out how much of your own data is exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a report.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.


Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.