ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

JobStreet Data Breach

jobstreet.com
Significant exposure
Verified breach Passwords exposed
Accounts exposed 3,883,455
Breach date 07 Mar 2012
Added to tracker 30 Oct 2017
Data classes 12

What happened

In October 2017, the Malaysian website lowyat.net ran a story on a massive set of breached data affecting millions of Malaysians after someone posted it for sale on their forums. The data spanned multiple separate breaches including the JobStreet jobs website which contained almost 4 million unique email addresses. The dates in the breach indicate the incident occurred in March 2012. The data later appeared freely downloadable on a Tor hidden service and contained extensive information on job seekers including names, genders, birth dates, phone numbers, physical addresses and passwords.

Exposed data

Dates of birth Email addresses Genders Geographic locations Government issued IDs Marital statuses Names Nationalities Passwords Phone numbers Physical addresses Usernames

Recommended actions

  • Change your JobStreet password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing JobStreet — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP