Cyber Incident Victim: RecruitMilitary
Date: Aug 2018
Location: United States of America
Summary
A cybersecurity incident involving a military-focused job recruitment platform resulted in the exposure of personal data belonging to approximately 850,000 individuals with ties to the U.S. military. The compromised information included full names, telephone numbers, and email addresses—including military-affiliated .mil accounts—extracted from an Elasticsearch database. An anonymous forum user publicly shared the dataset, which contained entries spanning over a decade and featured test accounts linked to the organization's domain. Analysis of the data revealed connections to known military personnel, corroborating claims of its authenticity while highlighting risks to affected individuals' privacy and security.
Description
On August 1, 2018, a forum user named booloop claimed access to a database containing personal information of approximately 850,000 individuals with ties to the U.S. military. The user stated an anonymous source provided the data earlier that year, asserting it was not widely circulated. The dataset included 850,729 records extracted from an Elasticsearch index named "core_users_1447139122296," containing full names, email addresses, and telephone numbers. A 22MB compressed file hosted on mega.co.nz expanded to 277MB when decompressed, revealing a raw JSON file titled "military.core.txt" with 850,934 data rows. Analysis showed 35,489 ".mil" email addresses and 218,437 Gmail addresses within the dataset, with some Gmail accounts linked through open-source research to identifiable U.S. Army officers, corroborating military connections.

Temporal analysis of the data revealed records spanning from 2002 to late 2017, with the last modification dated June 26, 2017. The final four entries included test accounts with "foo bar" placeholder names and email domains linked to mutantshark.com and recruitmilitary.com. One entry associated with recruitmilitary.com featured multiple role assignments, suggesting operational use of the database. This metadata alignment, coupled with RecruitMilitary.com’s public claim of hosting over 1.36 million job seeker profiles at the time, strongly indicated the platform as the data’s origin. No public statements from RecruitMilitary.com regarding the breach’s validity, containment measures, or impact assessments were documented in the source material at the time of reporting. The exposure of .mil addresses and personally identifiable information raised concerns about targeted phishing or identity theft risks to military-affiliated individuals.
