A Saudi hacker going with the online handle of JM511 has breached into the server of a UK-based international network of independent recruitment experts known as TEAM.
After bypassing the security hacker accessed and leaked login credentials of thousands of registered recruitment agencies over the Internet.
The breach was conducted on 8th August 2015 in which hacker used a simple SQL injection vulnerability to access the server and steal the data of about 2613 registered agencies/users.
[must url=”https://www.hackread.com/middle-easts-dubizzle-suffers-security-breach/”]Middle East’s Largest Classified Website Dubizzle Suffers Security Breach[/must]
Screenshot from the leaked data
After scanning the leaked data, we have found it to be legit and never been leaked online before.
In-depth analysis:
The hacker has leaked the data on Pastebin which includes full names, telephones, account creation and updating date, emails along with their clear-text passwords of 2613 registered recruitment agencies.
I got in touch with TEAM (jobsatteam.com) through their Facebook page, but they preferred not to reply even after seeing my message. However, Liz Longman who’s running the firm’s Twitter account replied (sort of).
@Writerblues Please would you direct any enquiries to team@jobsatteam.co.uk where someone will be able to help you.
— TEAM (@jobsatteam) August 21, 2015
@LizLongman Well thank you but I don't need help. Thing is that you are unaware of a massive security breach on your website servers. 1/2
— Waqas (@Writerblues) August 21, 2015
@LizLongman In simple words someone hacked and leaked almost all login credentials of your site's registered users. 2/2
— Waqas (@Writerblues) August 21, 2015
At the moment, personal details of hundreds of job recruitment agencies are at risk. The worst thing is that password for every account has been saved in clear-text form. However, it is unclear if the firm deals with online transactions through their website.
There hasn’t been any kind of security alert from TEAM itself so we suggest users to change their password for other website(s) if the password(s) are the same as the one used for TEAM because the same password should never be used across multiple sites or accounts.
About TEAM:
TEAM is an international network of independent recruitment experts providing employment services and support for its members ensuring they receive all the benefits associated with an independent recruitment agency.
In order to respect users’ privacy, we are not sharing the link of the leaked data in this article.
Report typos and corrections to admin@hackread.com
