In March 2012, JobStreet, a popular job portal, experienced a data breach that affected numerous accounts. The breach was later confirmed by the company through a newsletter sent to its customers, stating that it involved accounts created before July 2012. JobStreet took measures to strengthen its security and conducted a password reset exercise in January 2017. The data breach impacted not only JobStreet users but also millions of Malaysians and several telecommunications companies.

How many accounts were compromised?

The breach compromised data for approximately 3.9 million users.

What data was leaked?

The data exposed in the breach included dates of birth, email addresses, genders, geographic locations, government issued IDs, marital statuses, names, nationalities, passwords, phone numbers, physical addresses, and usernames.

How was Jobstreet hacked?

The JobStreet data breach occurred when personal information from the databases of 19 corporations and associations, including JobStreet, was made public and freely downloadable on a Tor hidden service. The breach affected personal candidate information pertaining to accounts created before July 2012. The explanation of the breach is factual and straightforward, providing details about the extent of the breach and the type of information leaked. The tone is neutral and informative, aiming to provide clear information about the situation.

Jobstreet's solution

In response to the data breach, JobStreet took several measures to enhance its security and prevent future incidents. The company continuously worked to strengthen its security protocols and conducted a password reset exercise in January 2017 to further protect user accounts. JobStreet also conducted internal investigations to understand the extent of the breach, which revealed that it involved accounts created before July 2012.

To keep its clients informed, JobStreet sent a newsletter addressing the breach and confirming its authenticity. While specific details about the removal of malware, backdoors, or collaboration with cybersecurity experts were not mentioned, JobStreet's efforts demonstrate a commitment to securing its platform and safeguarding user information from potential hacking attempts.

How do I know if I was affected?

JobStreet notified customers believed to be affected by the breach. If you're a JobStreet user and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

• Change Your Password: Immediately update your password for the breached platform. Make sure the new password is strong and unique, not previously used on any other platform.

• Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

• Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

For specific advice on JobStreet's data breach, reach out to their support team by filling out the form on their Contact Us page.

Where can I go to learn more?

For more information on the JobStreet data breach, check out the following news articles:

• JobStreet confirms hit by Malaysia data leak - almost 3.9m accounts affected

• JobStreet Confirms Data Breach Is Real: No Accounts Beyond 2012 Are Affected

• JobStreet confirms data breach involving data from pre-2012