Skip to content

AI Recruitment Platform Suitable AI Allegedly Breached, Over 15,000 Applicants' Data Leaked in a Partial Dump

Breach Report India flagIndia United States flagUSA AI / Recruitment Active Vulnerability

AI Recruitment Platform Suitable AI Allegedly Breached, Over 15,000 Applicants' Data Leaked in a Partial Dump

A threat actor using the alias NightBroker claims to have breached Suitable AI (suitable.ai), an AI-powered recruitment platform based in India and the United States that helps STEM professionals find jobs. The actor posted a partial dump of 15,176 applicant records, stating the platform holds around 53,681 applicants in total. According to the post, the data was obtained by abusing weaknesses in the platform's GraphQL API, including an authentication bypass and an unauthenticated query that returned applicant contact details. The leaked fields include names, emails, mobile numbers, resumes, locations, salary expectations, and internal recruiter and scoring data. The claim is unverified.

Data15,176 records
Claimed total~53,681
CountryIndia flagIndia / USA
ActorNightBroker

Post details

TargetSuitable AI (suitable.ai)
CountryIndia flagIndia / USA
SectorAI / Recruitment
Claim15,176 records (partial dump)
Claimed total~53,681 applicants
DataNames, contact, resumes, salary
VectorGraphQL API weaknesses
ActorNightBroker

!Allegedly included

  • 15,176 applicant records (partial)
  • Names & emails
  • Mobile numbers
  • Resumes (CV files)
  • Locations
  • Salary expectations
  • Experience details
  • Recruiter & scoring data

Screenshots

Potential impact

Recruitment data is sensitive because it ties named individuals to their contact details, resumes, career history, and salary expectations, all of which fuel targeted phishing, recruitment scams, and identity fraud. The exposure of resume files and professional profiles is especially useful to attackers building convincing lures. The actor also describes an authentication bypass and unauthenticated data access, which, if still present, would place the wider applicant base well beyond the 15,176 records posted at risk. The claim is unverified.

iStatus

Unverified

This is a partial data-leak post with the download gated behind forum points; it also describes the API weaknesses used. Operators should review authentication and authorization on their API, restrict unauthenticated data queries, and patch outdated server software. The claim is unverified and Suitable AI has not publicly addressed it.

Want everything on this breach? Paid subscribers get the full claim details and more. Check out the threat feed, then after subscribing, search there for this alert. View pricing →

DARK WEB INFORMER - THREAT INTELLIGENCE

Latest