Monster Hacked Again; 4.5 Million Records Stolen

The Monster hack, first reported late last week, is making news worldwide, with news agencies in the U.K. and elsewhere reporting that 4.5 million users of the job board, including users in the United Kingdom and elsewhere, had their data compromised. The company told The Times, a London newspaper, that such personal information as addresses, names, birth dates, and other “demographic information” was stolen. Hackers also managed to get user IDs and passwords.

A Monster spokeswoman declined to comment on the number of records affected, but said it included some U.S. users. Monster’s non-career sites (such as Military.com), the European site JobPilot and sites in Asia Pacific and in Eastern Europe were not affected.

Monster has posted a warning on its homepage linking to a letter explaining the intrusion. Dated Jan. 23rd, the letter, signed by Patrick Manzo, Monster’s Global Chief Privacy Officer, warns users they may be subject to “phishing” expeditions, in which they receive emails from the hackers that appear to be from Monster, directing them to download malicious software or provide additional confidential information.

A similar warning has been posted to the USAJobs site, the official job board of the U.S. federal government. The site is powered and managed by Monster; thus, the profiles and other data of its users may have been illegally accessed.

This breach follows an August 2007 hack in which 1.7 million user records were downloaded, nearly all from the U.S. That security breach only became public after a security company posted the news to its website, forcing Monster to admit the intrusion days after it knew the breach occurred.

This time, it was Monster that disclosed the hack and provided details about the type of information that was accessed. The Monster spokeswoman said no resumes or customer transactional data were compromised. However, recruiters, like job seekers, are urged to change their passwords as well as keep an eye out for phony Monster emails. The posted letter contains additional guidance.

Monster received better marks this time for its reporting of the breach. NetworkWorld, a tech-focused publication for network administrators, analyzed Monster’s disclosure letter and compared it to the warning the company sent out after the 2007 hack. The publication had Roger Nebel, director of strategic security for FTI Consulting, review the Monster warning, reporting that he considered it “adequate: Not bad, but could be better.”

“There are no details about how they were hacked, nor steps taken to prevent it again,” NetworkWorld quotes Nebel as saying. “While I don’t expect them to necessarily tell us gory details there should at least be some context, be it human error, a zero-day attack, vendor issue, etc.”

News of the attack has been widely published on tech sites and news sites in Europe and elsewhere, including in Turkey and India.

John Zappe is the editor of TLNT.com and a contributing editor of ERE.net. John was a newspaper reporter and editor until his geek gene led him to launch his first website in 1994. He developed and managed online newspaper employment sites and sold advertising services to recruiters and employers. Before joining ERE Media in 2006, John was a senior consultant and analyst with Advanced Interactive Media and previously was Vice President of Digital Media for the Los Angeles Newspaper Group.

Besides writing for ERE, John consults with staffing firms and employment agencies, providing content and managing their social media programs. He also works with organizations and businesses to assist with audience development and marketing. In his spare time he can be found hiking in the California mountains or competing in canine agility and obedience competitions.
