Feeds

Monster warns victims and pledges better defense

Work details used for targeted attacks

Top three mobile application threats

Monster Worldwide, the owner of employment search site Monster.com, last week began notifying the estimated 1.3 million users affected by a breach that leaked résumé information and pledged to beef up network monitoring and defenses to prevent such a leak from happening again.

As reported by SecurityFocus, a malicious Trojan-horse program dubbed Infostealer.Monstres accessed résumé data using stolen, but valid, employer credentials and copied the information to a remote server. The information included names, physical and e-mail addresses, and phone numbers. At least one reader of SecurityFocus has claimed to have been notified by Monster that their information had been stolen.

The company has stated that it will contact the estimated 1.3 million people affected by the breach. The company also promised to strengthen security measures, including monitoring site traffic worldwide, reviewing all site access policies and investigating better ways of protecting users' information.

"Protecting the job seekers who use our website is a top priority at Monster," Sal Iannuzzi, chairman and CEO of Monster Worldwide, said in a statement issued on Wednesday. "These issues are increasingly prevalent throughout the internet, which is why Monster is enhancing its security and reaching out to everyone with an active resume on our site. We believe these actions are the responsible steps to protect our valued job seekers and customers."

The attacks are the latest warning to job sites and seekers that résumés have become valuable commodities in the underground economy. In 2005, a privacy watchdog warned that employment details were increasingly being used by identity thieves to open accounts in other people's names. The work details are typically used to help turn massive spam campaigns into far more effective targeted attacks. Earlier this year, a Trojan horse that posed as a complaint from the Better Business Bureau claimed thousands of victims after it was targeted at executive management at small and medium firms.

The U.S. Office of Personnel Management announced on Wednesday that 146,000 federal employees who had their résumés listed on USAJobs.gov were also affected by the breach. The federal employment website is administered by Monster.com.

Monster has contacted the appropriate law enforcement agencies about the breach, the company stated.

If you have tips or insights on this topic, please contact SecurityFocus.

This article originally appeared in Security Focus.

Copyright © 2007, SecurityFocus

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.