A dark web hacker, known as "makishimaaaa," has recently advertised a significant data breach on the Nuovo BreachForums. The compromised data originates from Hosocongty, a prominent Vietnamese job search platform. According to makishimaaaa's post on May 12, 2024, the hacker claims to have exfiltrated a PII (Personally Identifiable Information) database from the Hosocongty data breach in 2024. The database, offered for sale at the price of $320, contains approximately 160,000 records. These records include sensitive information such as company names, passwords, contact details, and various other personal identifiers. Interested buyers are instructed to contact the hacker privately, with the option of using escrow systems for transactions.

Hosocongty Data Breach Exposes Thousands of Job Seekers

Hosocongty.vn, the affected platform, serves as a crucial link between job seekers and employers across Vietnam. Its rapid growth highlights its significance in the country's job market. However, this data breach raises concerns about the security and privacy of the platform's users. [caption id="attachment_68133" align="alignnone" width="1622"] Source: Dark Web[/caption] Makishimaaaa's relatively low ransom demand and status as a new member of the hacking forum suggest a developing situation. The hacker joined the platform in March 2024 and has since posted 38 times. This calculated move indicates a deliberate attempt to minimize suspicion while maximizing profits from the stolen data. The compromised database contains a wealth of personal information, including company details, contact numbers, email addresses, and more. Makishimaaaa emphasizes the quality and active rate of the data, reassuring potential buyers of its reliability. However, the ethical implications of purchasing stolen data remain a cause for concern. The Cyber Express has reached out to the recruitment firm to learn more about this Hosocongty data breach. However, at the time of writing this, no official statement or response has been released, leaving the claims for the Hosocongty data leak unverified. 

Cyberattack on the Recruitment Sector

The Hosocongty data breach is indicative of a broader trend of increasing cyberattack on the recruitment sector. In February 2024, Das Team Ag, a prominent job placement agency in Switzerland and Liechtenstein, fell victim to the Black Basta ransomware group, highlighting the vulnerability of recruitment platforms.  Cyber risks in the digital hiring process have intensified over the years, with cybercriminals targeting sites housing sensitive data, such as employment platforms. The surge in digitalization has exacerbated these threats, necessitating enhanced security measures across industries.  Polymorphic attacks, phishing, and malware are among the most prevalent cyber threats facing the recruitment sector, posing risks to both job seekers and companies. As such, users of Hosocongty are urged to exercise vigilance and implement necessary security measures to safeguard personal information.  This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the Hosocongty data breach or any official confirmation from the Vietnamese job portal.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.