Security experts from Cybernews discovered an unknown source allegedly selling stolen credentials belonging to Adecco Group. Adecco Group, a Fortune 500, global human resource and temporary staffing company.
The database kept for sale contained over five million records from six Latin American/South American countries: Peru, Brazil, Argentina, Colombia, Chile, and Ecuador.
Soon after Cybernews published the article, it was taken down by the author. This appears to be the same threat actor behind the recent VPN leaks.
They reached out to Adecco to verify that the data belonged to them, but they have not responded yet.
Adecco has suffered a data breach in the past. In August 2019, Adecco Group informed Belgium’s privacy regulator that the biometric data of roughly 2,000 of the employees for its Belgian unit had been compromised due to a breach of Suprema ID Inc., which had supplied biometric services for Adecco.
The database appears to have been left open to the public with weak credentials. The year for this database is listed as 2021.