A Saudi hacker going with the online handle of JM511 has breached into the server of a UK-based international network of independent recruitment experts known as TEAM.
After bypassing the security hacker accessed and leaked login credentials of thousands of registered recruitment agencies over the Internet.
The breach was conducted on 8th August 2015 in which hacker used a simple SQL injection vulnerability to access the server and steal the data of about 2613 registered agencies/users.
After scanning the leaked data, we have found it to be legit and never been leaked online before.
In-depth analysis:
The hacker has leaked the data on Pastebin which includes full names, telephones, account creation and updating date, emails along with their clear-text passwords of 2613 registered recruitment agencies.
I got in touch with TEAM (jobsatteam.com) through their Facebook page, but they preferred not to reply even after seeing my message. However, Liz Longman who’s running the firm’s Twitter account replied (sort of).
@Writerblues Please would you direct any enquiries to [email protected] where someone will be able to help you.
— TEAM (@jobsatteam) August 21, 2015
https://twitter.com/Writerblues/status/634719843346853889
https://twitter.com/Writerblues/status/634720140827865088
At the moment, personal details of hundreds of job recruitment agencies are at risk. The worst thing is that password for every account has been saved in clear-text form. However, it is unclear if the firm deals with online transactions through their website.
There hasn’t been any kind of security alert from TEAM itself so we suggest users to change their password for another website (s) if the password(s) are the same as the one used for TEAM because the same password should never be used across multiple sites or accounts.
About TEAM:
TEAM is an international network of independent recruitment experts providing employment services and support for its members ensuring they receive all the benefits associated with an independent recruitment agency.
In order to respect users’ privacy, we are not sharing the link of the leaked data in this article.
Report typos and corrections to [email protected]
