.png)
BOOK THIS SPACE FOR AD
ARTICLE ADMaking your own bad news is not what Valley News Live had in mind, but negligence comes at a price.
Cybernews researchers found an unprotected AWS S3 bucket that belongs to Take Valley News Live, a North Dakota-based television station. Gray Television, the owner of Valley News Live, makes for the third largest broadcasting company in the US.
An S3 bucket is like a virtual file folder in the cloud where you can store various types of data, such as text files, images, videos, and more. There is no limit to the amount of data you can store in an S3 bucket, and individual instances can be up to 5 TB in size.
In this case, the bucket stored over 1.8 million files with over a million of them being job seekers’ resumes. Of the 1.8 million exposed files, over a million of these files are resumes sent to the station over a period ranging from 2017 to 2024.
The leaked data included:
Full names Phone numbers Email addresses Home addresses Dates of birth Nationality and places of birth Social media links Employment history Educational backgroundAs you can imagine, these resumes represent a treasure trove for phishers and other cybercriminals.
What do I need to do?
Stolen resumes are bad news, as they can be used for financial fraud, identity theft, and cause privacy issues.
With all the details a phisher can find in a resume they can make their social engineering attempts very convincing. Or they can impersonate the person in the resume to defraud people they know, perform a SIM swap by tricking the victim’s carrier into helping them illegally take over their cell phone number and re-route it to a phone under the attacker’s control.
It also opens up the victim for financial fraud, such as the criminal setting up fraudulent bank accounts in their name, applying for loans or credit cards, file false tax returns, and use the victim’s identity to obtain employment.
And if the job application was recent enough, a phisher could probably trick the victim into downloading malware under the guise of engaging in the hiring process. For example, by clicking a malicious link or opening an attachment.
So, if you sent an application to Valley News Live, it would be wise to exercise your right to have your information removed and hope that no real criminals have found the leaky bucket by now.
Cybernews states it contacted Valley News Live multiple times but received no response.
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.
Bengali (Bangladesh) · 
English (United States) ·