Monster.com Hacked for Second Time in Six Months
Personal Data Compromised for Users of Popular Job Search Site
Jan 28, 2009
On January 23, 2009, job search site Monster quietly posted a notice declaring that the site had been targeted by hackers who made "illegal attempts to access and extract information from its database."
What Information Did the Hackers Take?
During this invasion of Monster's database, the hackers took information such as user IDs and passwords, email addresses, birthdates, names and phone numbers.
This opens a whole can of worms as it leaves Monster users worldwide open to potential phishing attacks, as well as possibly having the information sold to direct marketers and spammers.
How Did Monster Respond?
Directly from its website:
"Immediately upon learning about this, Monster initiated an investigation and took corrective steps. It is important to know the company continually monitors for any illicit use of information in our database, and so far, we have not detected the misuse of this information."
However, the company elected not to directly notify its users by email. Instead it took a passive stance and merely posted a text link on the main page of the site directing users to the security notice about the hacking attempt.
Monster claims in the notice that it chose not to email its users because it felt that such an email could be used as a template by others in an attempt to phish further security information from the site users.
But other than that, no other attempt to alert site users seems to have been made, though Monster claims they will make an online mandatory request for users to change their password when attempting to log in.
What Should Monster Users Do?
The first thing on the list is to immediately change the access password to the site.
Even if the account hasn't been used recently, personal information stored on Monster is available to any criminal who may now have the password currently attached to the account.
If logged into Monster, the password can be changed under the "preferences" link.
If not logged in, click on the "forgot password" link on the sign in page and Monster will send an email with instructions on how to change the password.
Be wary of responding to any emails from Monster claiming that one needs to click on a link to update their site data. These may be phishing emails. When receiving an email claiming to be from Monster requesting a personal information update, go directly to Monster's website by entering the site url by hand. Don't click on the link.
One can continue to use Monster to search for jobs, but changing the password and being more vigilant about requests for personal information are the best steps to take by users of the website at this time.
What Should Monster Do?
The site claims they are working with law enforcement officials to track down the criminals who accessed their databases. Monster also claims they are working with their team of security experts to prevent this from happening again.
But since this is the second time in six months the site has been illegally accessed, it's obvious the company needs to step up their online security barriers.
Identity theft is a big business nowadays. Criminals who break into sites to steal data like this can easily piece together the information taken with other data stolen elsewhere to possibly hijack banking and other financial accounts of the user.
Users of sites like Monster rely on them to protect their data and Monster must do whatever they can to not have a future occurrence.
How Do You Feel About This Hacking Attempt on Monster?
With millions of users worldwide affected by this, Suite101 would like to know your thoughts on this situation. Please leave a comment below.
 |
 |
