SQL Injection Leads To BigMoneyJobs.com Leak

From DataLossDB and Risk Based Security:

Earlier today, a hacker identified as ProbablyOnion (who recently breached Boxee.tv) posted data from a large job seeker website, resulting in over 36,000 accounts being published online.

The website BigMoneyJobs.com is a large hub for job seekers and employers looking to hire them. The breach was announced over Twitter and posted to the hacker’s hidden TOR service as a 5.94MB Excel spreadsheet that contains all of the members from the website’s database.

The leaked data contains personally identifiable information (PII) including full names, home addresses, phone numbers, email addresses, website registration information, and plaintext passwords totaling 36,802 members.

Read more on RBS.

Why would anyone post their personal details on a job seeker site that doesn’t even provide its principals’ names and some credentials? You could be giving your credentials directly to identity thieves. I’m not saying this site is a scam or fraud, but how would you know from looking at the site? 

About the author: Dissent