UK job recruiters network hit by hacker, user info dumped online

TEAM (The Employment Agents Movement), the largest network of independent recruiters in the UK, has been hit by a Saudi Arabian hacker that goes by the online handle JM511.

The hacker apparently leveraged an SQL injection vulnerability and has accessed the members database of jobsatteam.com.

He dumped the compromised information online, on Pastebin. The leak includes email addresses, usernames, passwords, names, and telephone numbers of the site’s administrators, as well as the names, usernames, passwords (some encrypted, some not), and telephone numbers of nearly 2,600 of the site’s users.

The website is currently unavailable – “Under maintenance” it says on the main page.

According to posts on the attacker’s Twitter account, he also lately struck other sites like ihimlen.dk, http://knapp.com, http://www.assa.ua and several others, and dumped their databases containing user data and admin accounts’ login credentials online.

As far as I can tell, he’s been trawling the web for websites susceptible to SQL injection attacks.




Share this