Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the sale of an alleged database containing 460,000 records of Russian job seekers from SuperJob (superjob.ru), one of Russia’s largest IT and recruitment portals. The seller explicitly markets the data as “ideal for phishing, career scams, and salary schemes.”
Brinztech Analysis:
- The Data: The dataset reportedly includes “Fullz” (comprehensive profiles): Full Names, Dates of Birth, Phone Numbers, Email Addresses, and Physical Addresses.
- The Timeline: The alleged “Leak Date: November 2025” suggests fresh, active data. Unlike the massive 2022 aggregations (which contained millions of older records), this smaller, fresher batch points to a recent scrape or compromise, which would mean the contact details are likely still valid.
- The Threat Context: This leak targets the most vulnerable demographic: people actively looking for work. In Russia’s tight labor market, job seekers are highly responsive to unsolicited communications from “recruiters,” making them easy targets for social engineering.
This incident adds to the systemic data crisis in Russia, following massive breaches at Sberbank, Yandex, and the FSSP (Federal Bailiff Service) in 2024-2025.
Key Cybersecurity Insights
This alleged data breach presents a specific and immediate threat to job seekers:
- Facilitation of “Career Scams”: The explicit marketing for “career scams” is alarming. Attackers can use this data to impersonate SuperJob recruiters, offering fake high-paying roles to trick victims into paying “visa fees,” “equipment deposits,” or becoming money mules.
- High-Value PII for Targeted Attacks: The dataset contains comprehensive “fullz.” With physical addresses and DOBs, attackers can conduct synthetic identity fraud or highly personalized spear-phishing (e.g., “We saw your resume on SuperJob and have an offer sent to [Home Address]…”).
- Impact on Trust: SuperJob is critical infrastructure for the Russian economy. A breach of this nature erodes trust between employers and candidates. If candidates fear their data is being sold to scammers, they may abandon the platform.
- Unusual Leak Date Implications: If accurate, the “November 2025” date means the data is fresh. In the underground economy, fresh data commands a premium because it hasn’t yet been “burned” (used by too many scammers).
Mitigation Strategies
In response to this claim, SuperJob and affected individuals must take immediate action:
- Immediate User Notification: SuperJob must verify the breach and notify all 460,000 affected users immediately. The notification should explicitly warn against fake recruiter calls via WhatsApp or Telegram.
- Enhanced User Education: Proactively educate users on how to verify a recruiter’s identity. Remind them that legitimate employers never ask for upfront payments for equipment or training.
- Monitor for Secondary Exploitation: Corporate security teams should monitor for new employee accounts being created using this PII or “salary diversion” attempts where attackers try to change payroll details using the stolen data.
- Implement Robust Data Security: Review internal access controls and API security. A fresh scrape of 460,000 records often points to an Insecure Direct Object Reference (IDOR) vulnerability in a resume-viewing API.
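The IDOR pattern named in the last item, next to its fix, as an added example (not SuperJob's or Brinztech's code). The record shape, IDs, account numbers and function names are constructed assumptions; `readable_ids` is the kind of authorization regression check a team can run against its own resume endpoint.

```python
from dataclasses import dataclass, field

@dataclass
class Resume:                      # constructed record shape, not SuperJob's schema
    resume_id: int
    owner_id: int
    phone: str
    shared_with: set = field(default_factory=set)  # employers the candidate applied to

# Constructed sample store keyed by sequential IDs, which are easy to walk.
RESUMES = {
    1001: Resume(1001, owner_id=1, phone="+7-000-000-00-01"),
    1002: Resume(1002, owner_id=2, phone="+7-000-000-00-02", shared_with={50}),
    1003: Resume(1003, owner_id=3, phone="+7-000-000-00-03"),
}

def get_resume_vulnerable(session_user_id, resume_id):
    """IDOR: verifies the caller is logged in, never that they may read this object."""
    if session_user_id is None:
        raise PermissionError("login required")
    return RESUMES[resume_id]

def get_resume_hardened(session_user_id, resume_id):
    """Authorize against the requested object on every call."""
    if session_user_id is None:
        raise PermissionError("login required")
    resume = RESUMES.get(resume_id)
    if resume is None or not (
        session_user_id == resume.owner_id or session_user_id in resume.shared_with
    ):
        # Identical error for missing and forbidden, so IDs cannot be probed.
        raise PermissionError("not found")
    return resume

def readable_ids(fetch, user_id, ids):
    """Return which IDs in a range one account can read through `fetch`."""
    out = []
    for rid in ids:
        try:
            fetch(user_id, rid)
            out.append(rid)
        except (PermissionError, KeyError):
            pass
    return out

if __name__ == "__main__":
    ids = range(1000, 1005)
    print("vulnerable:", readable_ids(get_resume_vulnerable, 50, ids))
    print("hardened:  ", readable_ids(get_resume_hardened, 50, ids))
```

With the vulnerable handler, any logged-in account reads every record in the range; with the hardened one, employer account 50 sees only the resume shared with it.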
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com