The Monster hack, first reported late last week, is making news worldwide with news agencies in the U.K. and elsewhere reporting that 4.5 million users of the job board, including in the United Kingdom and elsewhere had their data compromised. The company told The Times, a London newspaper, that such personal information as addresses, names, birth dates, and other ”demographic information” were stolen. Hackers also managed to get user IDs and passwords.
A Monster spokeswoman declined to comment on the number of records affected, but said it included some U.S. users. Monster’s non-career sites (such as Military.com), the European site JobPilot and sites in Asia Pacific and in Eastern Europe were not affected.
Monster has posted a warning on its homepage linking to a letter explaining the intrusion. Dated Jan. 23rd, the letter signed by Patrick Manzo, Monster’s Global Chief Privacy Officer, warns users they may be subject to “phishing” expeditions, where they receive emails from the hackers but appearing to be from Monster, directing them to download malicious software or provide additional confidential information.
A similar warning has been posted to the USAJobs site, the official job board of the U.S. federal government. The site is powered and managed by Monster; thus, the profiles and other data of its users may have been illegally accessed.
This happened after an August 2007 hack that downloaded 1.7 million user records, nearly all from the U.S. The security breach only became public after a security company posted the news to its website, forcing Monster to admit the intrusion days after it knew the breach occurred.
This time, it was Monster which disclosed the hack and provided details about the type of information that was accessed. The Monster spokeswoman said no resumes or customer transactional data were compromised. However, recruiters, like job seekers, are urged to change their password as well as keep an eye out for phony Monster emails. The posted letter contains additional guidance.
Monster received better marks this time for its reporting of the breach. NetworkWorld, a tech-focused publication for network administrators, analyzed Monster’s disclosure letter and compared it to the warning the company sent out after the 2007 hack. The publication had Roger Nebel, director of strategic security for FTI Consulting, review the Monster warning reporting that he considered it “adequate: Not bad, but could be better.”
“There are no details about how they were hacked, nor steps taken to prevent it again,” NetworkWorld quotes Nebel as saying. “While I don’t expect them to necessarily tell us gory details there should at least be some context, be it human error, a zero-day attack, vendor issue, etc.”
News of the attack has been widely published on tech sites and news sites in Europe and elsewhere, including in Turkey and India.
4 comments
rss | trackback
Social Recruiter UK - Social Media Recruiting » Twitter Hacked: Social Recruiting & Online Security Jul 15, 2009 at 5:03 am
[...] hacking has always been there and even major job boards have been compromised with private details of users stolen, we are seeing more of this happen [...]
Should you put your resume on a job board? Yes but… « Bad Job Boards Oct 2, 2009 at 9:43 am
[...] like this happen sometimes: http://www.ere.net/2009/01/27/monster-hacked-again-45-million-records-stolen/ Some hacker grabbed 4.5 million user records from Monster in [...]
Hacked Job Board Tells Victims to Pay for Protection Themselves : ERE.net Oct 27, 2009 at 4:00 pm
[...] is the second major security breach of a British job board this year. Monster’s UK site was hacked in January and some 4.5 million records were stolen. tags: [...]
Brit Job Board Hacked! « Oct 28, 2009 at 6:03 pm
[...] is the second major security breach of a British job board this year. Monster’s UK site was hacked in January and some 4.5 million records were [...]