image credit: unsplash
Millions of people looking for a new job have had their personal data stolen and put for sale on dark web chat groups after several sites were breached.
Cybersecurity experts from Group-IB have released a new report outlining their research into a relatively new threat actor called ResumeLooters and how it was able to sell a huge database on the dark web.
ResumeLooters first emerged in November 2023, when it successfully compromised 65 job listing and retail sites using two techniques – SQL injection, and cross-site scripting (XSS). With the help of tools like SQLmap, Acunetix, X-Ray, or Metasploit, the attackers were able to scan the web for flaws, automate detection and exploitation of SQL injection flaws, develop and execute exploit code against targets, and more.
