Job in Tourism

We've observed a consistent pattern of older breaches resurfacing in aggregated data dumps, often targeting specific sectors. Our team came across one such instance while monitoring a dark web forum known for hosting large-scale credential dumps. What struck us wasn't the age of the breach itself – dating back to July 2018 – but the sheer volume of records pertaining to a single, niche job board: Job in Tourism. This suggests a focused effort to collect and repackage data from disparate sources, potentially for targeted phishing or identity theft campaigns within the hospitality industry.

Job in Tourism Breach: 16.4M Records Resurface

A database breach impacting Job in Tourism, a website focused on employment opportunities within the tourism sector, has re-emerged in circulation. The breach, which initially occurred on July 1, 2018, exposed a substantial amount of personal information belonging to job seekers. The re-emergence of this data highlights the long tail of data breaches and the persistent risk they pose to individuals. We discovered the breach data listed for sale on a popular dark web forum, advertised as a complete database dump from the Job in Tourism website. Its large size and the specific targeting of a professional sector made it noteworthy.

The fact that a breach from 2018 is still actively traded and potentially exploited underscores the importance of continuous monitoring and threat intelligence. It also highlights the vulnerability of specialized job boards, which may not have the same level of security investment as larger platforms. This breach matters to enterprises now because the exposed data can be used for targeted phishing attacks against individuals working in the tourism industry, potentially compromising company systems and data. It also feeds into the broader trend of attackers leveraging older breaches for credential stuffing and account takeover attempts.

Key point: Total records exposed: 16,458,360

Key point: Types of data included: Email addresses, IP addresses, first names, last names, genders

Key point: Sensitive content types: Personally identifiable information (PII)

Key point: Source structure: Database dump

Key point: Leak location(s): Dark web forums

Key point: Date of first appearance: July 1, 2018 (original breach); recently resurfaced on dark web forums in 2024

External Context & Supporting Evidence

While the Job in Tourism breach itself didn't receive widespread coverage in mainstream media at the time, similar breaches targeting job boards have been reported. For example, in 2019, ZDNet reported on a data breach affecting CareerBuilder, exposing the personal information of millions of job seekers. These incidents underscore the systemic vulnerabilities within the online recruitment landscape.

On a related note, security researchers have observed an increase in the use of automated tools to scrape and aggregate data from various online sources, including job boards and social media platforms. This trend is documented in numerous threat reports and security blogs. One Telegram post claimed the files were "collected from outdated databases using open-source scraping tools." This suggests that attackers are actively seeking out and exploiting older vulnerabilities to build comprehensive profiles of potential targets.

Email · Address · Ip · First · Name · Last · Gender