TalentHook Data Breach Exposes 26 Million Job Seekers’ Resumes Via Misconfigured Azure Cloud
As a result of a data breach caused by TalentHook, tens of millions of job seekers’ resumes were left openly accessible online. The incident was first reported by the Cybernews team, which discovered a misconfigured cloud container belonging to the service.
The breach stemmed from an exposed Azure Blob Storage repository containing approximately 26 million files, most of which included résumés of U.S. citizens seeking employment. Investigators linked the container to TalentHook—a recruitment tracking system designed to connect corporate HR departments with prospective candidates. The service is owned by Resource Edge, a U.S.-based company headquartered in Nevada.
According to researchers, the exposed résumés contained a wealth of personal information, including:
- Full names
- Email addresses
- Phone numbers
- Educational background
- Professional qualifications
- Employment history
Such a breach presents a lucrative opportunity for cybercriminals aiming to exploit the data in fraudulent schemes. With access to personal details, attackers can craft highly targeted phishing campaigns. Equipped with email addresses and phone numbers, they may send deceptive emails, SMS messages, or job offers designed to extract even more sensitive information—such as scanned documents or banking credentials.
Moreover, the exposure of this data significantly increases the risk of doxxing, in which private information is maliciously published online without consent. In many cases, this can lead to harassment or intimidation.
To mitigate the fallout, cybersecurity experts urge the service owners to immediately revoke public access to the container, review existing security configurations, and update permissions to ensure that only authorized users and services can interact with the storage environment.
A thorough audit of activity logs should be conducted to detect any unauthorized access. Additionally, server-side encryption must be enabled, and Azure Key Vault should be employed for secure key management. Implementing industry best practices is also essential—this includes regular security assessments, automation of protection protocols, and raising employee awareness about cybersecurity.
Neither TalentHook nor its parent company Resource Edge has commented on the matter thus far. Experts await an official statement to assess the full scope of the breach and determine whether any steps have been taken to safeguard affected users.
