Monster’s woes over the illegitimate use of its resume service may be the most public of job board security breaches, but it is far from the only one. Many of the job boards attending the International Association of Employment Web Sites congress in San Francisco last week admitted to having been the target of attacks by hackers, spammers, phishers, and others.
“All of our members are being attacked day in and day out,” explains Peter Weddle, executive director of the job board trade group. “There were a lot of kimonos being opened up,” a reference to the candidness of the conversation.
The half-day congress was the second since the IAEWS was formed more than a year ago. It happened to coincide with the August disclosure that Monster’s resume database had been accessed and contact information for some 1.3 million job-seekers had been stolen. The information was then used to send official looking notices to many of the job-seekers in an attempt to get them to give up confidential information — a scheme known as phishing. Others also got notices that appeared to come from Monster inviting them to download software that would actually steal personal data.
While most of the 80 or so attendees represented job boards that compete at some level with Monster, Tony Lee, a panel moderator at the conference and an executive with job board vendor Adicio, said there was little evidence of schadenfreude. “Everybody was asking, ‘What do we do?'” Lee reports. “I was impressed by the camaraderie and dedication of the people there.”
Both he and Weddle said it was obvious from the discussion that the problem of improper access and use of job-seeker data is broad. Hacking into a system and stealing data may be the most spectacular of security breaches, but less obvious are the problems with companies that harvest job-seeker data for the purpose of soliciting new clients or spamming them. “It’s a key challenge to our industry,” says Weddle. “It’s a magnitude greater than the media knows.”
To address the problem, the IAEWS set up a working group that, among other things, will help the industry better educate employers on safeguarding passwords and job-seeker data. It will also set up a sort of “early warning system,” as Weddle describes it, by which each job board that has been the subject of an attack or phishing scheme can report it so others can take security steps against the specific attack.
As challenging as it can be to stay a step ahead of the phishers, scammers, and others, the bigger challenge of the congress may well have come from Richard Nelson Bolles, author of “What Color Is Your Parachute?”, the job-hunting manual that revolutionized job hunting.
“Stop thinking exclusively about job searching,” was Bolles’ advice to the job boards, says Weddle. In terms of career development, Bolles challenged the group to rebrand themselves as “career support sites” where workers can turn for help with networking, professional development, setting their career goals, and advice overcoming career roadblocks.