Experts' Reaction: UK Job App Exposes Thousands Of CVs Online

It has been reported that Sonic Jobs, a UK retail and restaurant jobs app used by the Marriott and InterContinental hotel chains, has exposed over 29,000 CVs online, revealing job-hunters’ names, addresses, phone numbers and career histories to potential cyber criminals. The firm made the settings on its cloud storage buckets public, which meant that when someone applied for a job, their CV could be seen and downloaded by anyone who knew the location of the bucket.


EXPERT COMMENTS
Chris DeRamus, Co-founder & CTO, DivvyCloud
October 21, 2019
Even though Amazon S3 buckets are private by default.
AWS is the biggest public cloud service in the world, and companies around the world are flocking to the cloud for its ease, speed and accessibility in order to operate more effectively, enhance customer experiences and remain competitive. However, oftentimes companies adopt the cloud without the expertise or correct tools in place to ensure security. Even though Amazon S3 buckets are private by ....
Stephan Chenette, Co-Founder and CTO, AttackIQ
October 21, 2019
Unauthorized exposure of any type of customer data is a serious issue that may impact them well into the future.
Unfortunately, it does not take much for cybercriminals to find databases left open to the public and access personally identifiable information. There are tools designed to detect misconfigurations within cloud-tools, like Amazon's S3. Authentic Jobs and Sonic Jobs left a total of 250,000 customers’ records vulnerable by leaving the buckets public. Any organization that collects and stores cons ....
Javvad Malik, Security Awareness Advocate, KnowBe4
October 17, 2019
Cloud services such as Amazon's AWS S3 buckets make it very easy and cost-effective for companies to store large amounts of data which can be quickly accessed from any location. Unfortunately, not applying the proper permissions can result in the same masses of information being exposed publicly, and by extension to any criminal. CVs, in particular, contain a wealth of personal and private informa ....
Sergio Loureiro, Cloud Security Director, Outpost24
October 17, 2019
This is definitively not the responsibility of AWS, but of Authentic Jobs and Sonic Jobs. There is no excuse for such a misconfiguration; default settings by AWS are good and there are plenty of tools to check for that kind of misconfiguration, such as Cloud Security Posture Management (CSPM) tools (according to the Gartner terminology). Yet another example of enterprises being sloppy with persona ....
Sam Curry, Chief Security Officer, Cybereason
October 17, 2019
For potential employees, the goal is getting your resume in front of as many people as possible. And while the dark side of the web isn't used by employers, there are many resources and sites that job seekers commonly use to promote their candidacy. What we don't know is if these resumes contain personally identifiable information that isn't publicly available on sites such as LinkedIn and could b ....
Tim Erlin, VP of Product Management and Strategy, Tripwire
October 17, 2019
This is yet another instance of misconfigured AWS storage buckets. These misconfigurations are at the heart of millions of disclosed records. Any organization using cloud storage must regularly audit the permissions to ensure these kinds of breaches don’t happen. When you apply for a job, you share sensitive personal data with the jobs board and the companies to which you’re applying. It’s ....
Robert Ramsden Board, VP EMEA, Securonix
October 17, 2019
Data breaches involving Personally Identifiable Information (PII) often lead to huge fines.
This is another incident of an organisation deploying new technology without considering the security implications. If the data was accessible to anyone with an internet connection then there is a high chance it already has been accessed by unintended parties. Data breaches involving Personally Identifiable Information (PII) often lead to huge fines, reputational damage, and loss of trust. Not to ....
