Feeds

Monster.com suffers database breach deja vu

Millions (more) at risk

5 things you didn’t know about cloud backup

For the second time in 18 months, employment search site Monster.com has lost a wealth of personal data belonging to millions of job seekers after its database was illegally accessed.

The Massachusetts-based website is warning all its customers that their names, birth dates, phone numbers, user IDs and passwords, email addresses, sex, and ethnicity have been pilfered. It strongly urges users to change their login credentials immediately and to be on the lookout for phishing emails. The breach prompted this warning from USAJobs, which looks to Monster to run its website.

The company has decided not to email or phone customers to warn them of the breach, spokeswoman Nikki Richardson said. The only warning is this undated advisory, which users will only know about if they happen to visit the company's website.

It's at least the third time Monster.com has put its users at risk after suffering a significant security breach. In August 2007, a Trojan-horse program used pilfered employer credentials to siphon resume data belonging to some 1.3 million people. Within days, many users started receiving targeted phishing attacks that tried to trick them into downloading malicious software or take jobs as money mules for online crime gangs.

The company made much fanfare about plans to improve security, but two months later, it was hit again when attackers hijacked some of its job listings and used them to infect visitors with malware.

"We take this very seriously," Richardson said of the latest breach. "We're devoted to continuing to put significant resources toward the protection of our database, and no company in our business can completely prevent unauthorized access to data. We believe Monster security measures are as or more robust than other sites in the industry."

People responsible for the breach were not able to access resumes, social security numbers, or personal financial data, Richardson said. The spokeswoman declined to say when or how the breach occurred and said it was still being investigated. She also declined to say how many users Monster has.

Over the past few years, personal information like that stored on Monster have become a hot commodity in the world of cyberfraud. It can be used in identity theft, phishing attacks, and spam campaigns. And because so many people (foolishly) use a single email address and password for multiple accounts, the data can be used to gain access to online banks and other sites across the internet.

Readers who believe they are being targeted as a result of Monster's latest monster flub are invited to contact your reporter using this link. Confidentiality assured (unlike Monster). ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
JLaw, Kate Upton exposed in celeb nude pics hack
100 women victimised as Apple iCloud accounts reportedly popped
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.