Home News Fortune 500 Company Adecco Group Suffers Data Breach

Fortune 500 Company Adecco Group Suffers Data Breach

Fortune 500 global recruitment firm Adecco Group suffered a data breach affecting users from six South American countries.

SHARE
data breach

Darknet forums enable cybercriminals to promote their hacking skills and trade stolen digital assets to other threat actor groups in the community. A large amount of compromised sensitive information is being dumped across various hacking forums regularly. Recently, security experts from Cybernews discovered an unknown hacker allegedly selling stolen credentials belonging to Adecco Group. Headquartered in Switzerland, Adecco Group is a  Fortune 500 global human resource and temporary staffing company.

The database kept for sale contained over five million records from six Latin American/South American countries: Peru, Brazil, Argentina, Colombia, Chile, and Ecuador.

The Leaked Data

The data dump, which was later taken down by the hacker, supposedly contained different categories of data:

  • “Candidatos_datos_personales” (candidates’ personal data) with 4,543,938 lines
  • “Candidatos_candidatos_by_email” with 3,763,836 lines
  • “Candidatos_login” with 5,321,943 lines

In common, all the categories exposed candidates’ sensitive information including full name, gender, marital status, birth dates, email addresses, passwords, and country of residence.

The Impact

While it is unclear why the post was taken down by the threat actor, Cybernews suspects that the database was sold out. The data could be misused for various malicious purposes, including:

  • Targeted spear-phishing attacks
  • Collecting and spamming users’ emails and phones
  • Brute-forcing users’ other online accounts

 Mitigation Measures

Cybernews also recommended certain security measures for users whose data may have been compromised in the security incident. These include:

  • Change your passwords immediately. You should be using a unique password for each account you create.
  • Add two-factor authentication (2FA) on your most sensitive accounts, including your primary email account. That way, even if a bad actor were able to uncover your credentials, they wouldn’t be able to get into your account.
  • Watch out for suspicious emails, as they may be phishing attempts. Avoid clicking on links from suspicious emails.
  • Watch out for suspicious activity on your financial accounts and set up identity theft monitoring.

Researchers suspected that the latest security incident appears to be from the same threat actors responsible for the recent VPN leaks, in which cybercriminals traded three databases that contained user credentials and device data from three Android Virtual Private Network (VPN) services – SuperVPN, GeckoVPN, and ChatVPN. Read more…