Talanton, a job posting and searching platform based out of India had a database exposed between May 17th and June 15th, 2019. The exposure left Personally Identifiable Information (PII) of job seekers and employers. Many different methods of sourcing were used to add individuals to the database. Information from people all over the world including the US, India, Israel, UK, France, multiple European countries, Australia, UAE, Singapore, and Hong Kong, along with many others were represented. Job seeker information that was available encompassed direct phone numbers, locations, titles, current employers, salary expectations, personal email addresses, gender, nationality, and job seeking status. Along with job seeker information, was direct lines of contact for CISOs, CEOs, and government employees. One specifically documented was the CTO of the Australian government. Researchers contacted Tata Communications, who hosted the database, and they took it offline.
Analyst Notes
Phishing attempts are likely to increase due to the inclusion of personal emails. Other personally related accounts should be closely monitored for any malicious activity. If unusual activity is found to be happening, users should deactivate the accounts and make sure no important information is available on those accounts.
