The job portal InfoJobs in Spain has suffered a significant cyberattack resulting in the theft of user profile information. This major security breach involved information that had been uploaded by various job candidates directly to their personal profiles. The popular platform has not yet detailed the total number of affected individuals in response to questions from news outlets. InfoJobs stated the intrusion occurred using passwords from other services that cybercriminals had previously obtained from different data breaches. This common attack method, known as “credential stuffing,” relies on users reusing the same passwords across multiple online platforms. This widespread practice makes many different online accounts highly vulnerable.
InfoJobs noted that usernames and passwords are often reused across websites, making them a very frequent target for cyber attackers.
While user responsibility for not reusing passwords is a factor, platforms must also have adequate security measures in place. They must work to prevent the mass automated testing of passwords against their systems, which is a key security step. Just this past Wednesday, Spain’s Data Protection Agency (AEPD) published a massive €3.2 million fine against the retailer Carrefour. The large company was fined for suffering six consecutive credential stuffing cyberattacks without effectively protecting all of its users’ sensitive data. This shows the regulatory environment in Spain.
InfoJobs has stated it is now informing all affected users and has “implemented reinforced monitoring and security protocols in all systems.” The company strongly recommends that all of its users should adopt robust account security practices, including using unique complex passwords. Users are also advised by InfoJobs to remain very attentive to any suspicious activity that occurs on their various online accounts. They should distrust job offers that request confidential information like ID numbers, Social Security numbers, bank details, or any advance payments. Additionally, users should always verify that emails actually come from official domains, such as @infojobs.net, before interacting with any of them.
The personal data stolen in the InfoJobs case represents a valuable resource for many cybercriminals who use it for identity theft.
In these types of fraud, attackers often impersonate recognized companies to gain the complete trust of the intended victim. They do this by showing they have access to the victim’s own personal information that was previously stolen in a data breach. One of the most common strategies they use involves generating a false sense of urgency to pressure the targeted recipient. If compromised, Spanish authorities advise contacting your bank immediately and then filing a formal police report regarding the incident. Spain’s National Cybersecurity Institute also offers confidential assistance.
Reference:
