Suitable AI Allegedly Exposed Through GraphQL Authentication Flaw

A threat actor claims GraphQL vulnerabilities in Suitable AI exposed more than 15,000 applicant records containing resumes and recruitment data.
Screenshot of a forum post alleging a breach of Suitable AI, claiming 15,176 applicant records were obtained through GraphQL authentication vulnerabilities, with blurred sample data and technical details describing the alleged attack.
Screenshot of the forum post where a threat actor claims to have breached Suitable AI by exploiting alleged GraphQL vulnerabilities, reportedly exposing applicant records, resumes, and recruitment data belonging to more than 15,000 users.

A threat actor claims to have breached AI recruitment platform Suitable AI by exploiting multiple GraphQL vulnerabilities, allegedly exposing applicant records, resumes, and recruitment data belonging to more than 15,000 users.

GraphQL vulnerabilities allegedly enabled account access

According to a forum post published on July 13, the threat actor claims Suitable AI’s GraphQL implementation contained authentication and authorization weaknesses that allowed unauthorized access to applicant information.

The actor alleges they discovered an authentication bypass that allowed them to obtain valid user sessions without completing normal authentication checks. They further claim another GraphQL endpoint could be queried without authentication to retrieve applicant information when a user identifier was known.

15,176 applicant records reportedly obtained

The threat actor claims to have extracted data belonging to 15,176 applicants despite alleging the platform contained more than 53,000 user accounts.

According to the post, the allegedly compromised records include applicant names, email addresses, phone numbers, recruitment status, AI-generated ratings, recruiter workflow information, referral data, rejection details, and links to uploaded resumes.

The actor also claims portions of recruiter-facing application metadata were exposed, including candidate experience, expected salary, notice periods, location details, LinkedIn profile URLs, and other information submitted during the hiring process.

No evidence has been presented indicating that payment information or passwords were included in the alleged dataset.

Applicant resumes could increase exposure

If confirmed, the alleged exposure could present elevated privacy risks because uploaded resumes frequently contain additional personal information beyond basic contact details. Depending on what individual applicants included in their resumes, affected records could contain employment histories, education information, certifications, addresses, and other personally identifiable information.

Second AI platform targeted by same threat actor

The alleged breach follows another recent claim involving an AI platform. Earlier this month, BreachNews reported on the alleged EcoGPT data exposure, where the same threat actor claimed an unauthenticated Supabase database exposed shared conversation records. While the reported attack methods differ, both incidents involve alleged application-level security weaknesses rather than traditional network intrusions.

Threat actors increasingly appear to be targeting AI platforms that process large volumes of user-submitted information, particularly services handling resumes, prompts, conversations, and other sensitive personal data.

BreachNews contacted Suitable AI for comment prior to publication. The company had not responded at the time of publication.

X
LinkedIn
Reddit
Telegram
WhatsApp
Threads
Facebook
Email
Print
Picture of m00s3c

m00s3c

Moose (@m00s3c) is the author of BreachNews, focusing on data breach intelligence, dark web monitoring, and threat analysis. His work involves analyzing breach claims, reviewing leaked datasets, and tracking threat actor activity to provide clear, factual reporting.

Latest News

Newsletter signup

Get the latest data breach and security news.

Please wait...

Thank you for signing up!

BREACHNEWS.COM/SUPPORT/

Support Independent News.

Help support breach monitoring, investigations, infrastructure, and reporting.

Support the site
INTEL.BREACHNEWS.COM

Live Cyber
Threat Map

Explore live cyber activity, recent breach reports, KEV alerts, and public threat feeds from a single interactive dashboard.

Launch Threat Map