The Chinese AI-powered recruiting platform, MoSeeker, has allegedly been compromised, with a threat actor claiming to sell a full database dump containing 40 million records for $1200. The sale was announced on a dark web forum, putting the sensitive information of millions of job seekers and companies at risk. MoSeeker, based in Shanghai, is a significant player in the recruitment technology sector, providing tools for talent acquisition teams to identify, attract, and engage with potential candidates since its launch in 2014.
The threat actor advertised the sale of both user and company information. The compromised data allegedly includes a vast amount of personally identifiable information (PII) and corporate details. While the authenticity of the data is yet to be confirmed, the detailed nature of the listed data fields suggests a significant and damaging breach if verified. The following data categories were listed for sale:
- User Information: ID, country code, username, password, mobile number, email, registration and last login IPs, login history, full name, WeChat ID, company, and position.
- Company Information: ID, company ID, email, mobile number, nickname, and user ID.