Monster.com Site Hacked; 1.6 Million Users Compromised

Posted by Pile (11855 views)


Web site Monster.com has suffered an online attack with the personal data of hundreds of thousands of users stolen, says a security firm.

A computer program was used to access the employers' section of the website using stolen log-in credentials.

The most amusing part of this is that Monster.com didn't even know about this until a security company noticed phishing spam containing stolen customer information and contacted Monster.com.

As usual, it's the European press which break stories like this. Why do I have to read in English papers what happens to U.S. companies? Never mind, don't answer that. We all know why.

Symantec said the log-ins were used to harvest user names, e-mail addresses, home addresses and phone numbers, which were uploaded to a remote web server.

The stolen data could be used to send phishing and spam e-mails.

"This remote server held over 1.6 million entries with personal information belonging to several hundred thousands of candidates, mainly based in the US, who had posted their resumes to the Monster.com website," reported Symantec.

Security breach

The firm has contacted Monster.com to inform them of the security breach.

Symantec said it had seen reports of phishing e-mails sent out to Monster.com users which were "very realistic" and contained "personal information of the victims".

The e-mail encouraged users to download a Monster Job Seeker Tool, which was in fact a program that encrypted files in their computer and left a ransom note demanding money for their decryption.

"To the best of our knowledge, this is not a hack of Monster's security, rather, legitimate customer credentials are being used to log in to the database," said Patrick Manzo, vice president of compliance and fraud prevention at Monster.

He added: "There have been reports of this as an issue of identity theft.

"We are not aware of any cases of identity theft. In fact, the information that is gathered from Monster is no different than that displayed in a phone book."

The program used to access Monster.com user data was a Trojan, a type of program commonly used to gain access to bank details, usernames and passwords.
