Monster.com Gets Hacked - Personal Data On Hundreds Of Thousands Stolen
By Logan Murphy Wednesday Aug 22, 2007 6:07pm
Via BBC:
US job website Monster.com has suffered an online attack with the personal data of hundreds of thousands of users stolen, says a security firm. A computer program was used to access the employers' section of the website using stolen log-in credentials.
Symantec said the log-ins were used to harvest user names, e-mail addresses, home addresses and phone numbers, which were uploaded to a remote web server.
The stolen data could be used to send phishing and spam e-mails. <!-- E SF -->
"This remote server held over 1.6 million entries with personal information belonging to several hundred thousands of candidates, mainly based in the US, who had posted their resumes to the Monster.com website," reported Symantec. Read more...
Login or Register to post comments.
You The Monster
Comeon,
hypercritical much???
monster didnt release a statement about what happened until today
Comeon @ 1:
I dunno. What's with concern trolls criticizing every aspect of a popular blog?
Thanks, we took care of him. :)
"To the best of our knowledge, this is not a hack of Monster's security, rather, legitimate customer credentials are being used to log in to the database," said Patrick Manzo, vice president of compliance and fraud prevention at Monster.
Were they attacked or just sloppy? Time will tell..
While it sucks that the hackers got addresses and phone numbers, I don't think they got anything more detrimental, such as Social Security numbers. They posed as an employer, so whatever info. that you would usually put up at Monster.com to look for a job is what they took.
Then again, some of those "employers" at Monster.com are questionable... such as ones that, say they have a sales position open when you're looking for an engineering job.
What amazes me is that, once again, we have to rely upon a foreign media to report this.
Yep, I've been getting the emails. Luckily for me I have a huge brain and smart enough not to respond.
ooppss...........glad they don't have any info on me....But I think that their home office is in the Bay Area........hmmmmmm?...looks like KKKarl is wasting no time doing what he does best.
...drip...drip...
No biggie. Soon personal data of millions of Americans, not mere thousands of Americans, data collected by our government to protect us, will be on the internets available to all who want it.
I don't understand this. Symantic reported this failure in July of TROJAN.Gpcoder.E and worked on fixes for several days. Why doesn't MONSTER let their User community know about this ASAP? Anything on their site -- nope. Anything on how to handle this -- nope. If you were Phished and caught then TFB.
By the way -- it's good that this information about the breach gets out even tho it's a few days old and OT.
Whoops! Corporate America breaks it off up many, many citizens rectum and.....
Yawn....
Not a problem, nothing to see here....please move along now.
This week my bank's computer system would not allow anyone, bank officers included, to withdraw or transfer or pay bills from their accounts, my 2002 truck died on me, my web-based software had a major bug and....
Well you get the idea. Could it be that this brave new world ain't what it's cracked up to be?
[deleted - While we thank you for your concern, please contribute something or leave.]
No biggie. Bush and Gonzo had all this information already.
Comeon @ 13:
I did contribute something. I let Doggiebobo (#6) know that this was in fact already reported in American media, not just British ("foreign") media. Seriously -- why do you keep censoring my posts? I'm not saying anything uncivil.
[Don't play the "uncivil" game with us. Concern trolls are timewasters. What are you?]
perhaps it's only coincidence that i'm encountering this story just after receiving a strange phone call where my call display identified as an unusually long number which i initially thought was an odd-looking long distance number: 1125951400000002, but now suspect it was some form of system/program to verify the existence of accounts and numbers it had harvested... and perhaps, i'm just being paranoid...
i do not see why you call this hacking. nobody broke into anything. they gave permission to somebody to access the employer database without checking their credentials. people do not check id at bars all the time. i mean, anybody can post a job ad on craigslist and get a ton of resumes and personal info. if you are willing to put it in a resume and send it to a stranger, then who cares who gets a hold of it. really don't think this counts as hacking.
I'm getting them too and I'm not happy. I had managed to keep my mail account clean.
A Citizen: "This week my bank’s computer system would not allow anyone, bank officers included, to withdraw or transfer or pay bills from their accounts, my 2002 truck died on me, my web-based software had a major bug and…."
Heh. Sounds like some sort of weird 21 century country song...
[Deleted. Comeon, NoATTroll, YeahRight, NoSpam, or whatever name you are using next, is banned. Later]
Monster.com hacked and now I'll get spam ? I probably won't notice any difference.
There isn't much anti-hacking technology can do against if your employees are willing to hand out their username and password to someone they don't know over the phone, which is what I bet happened here.
Probably some guy pretending to be tech support said they needed some guy's username and password for some reason, so the employee happily gave it to him, and volia, instant access to the database. If this is really what happened, the person who handed over his credentials should really know better.
Also, the way it sounds from the article, it sounds like they know where the information was downloaded to (so hopefully they can trace it), and if that's the case, they should know under whose login they accessed the system through. Someone ain't gonna have a job for much longer methinks.
I wish Democrats would make identity theft an issue in 2008 races. So many people have been affected by it from all walks of life
This IS interesting because I got a spam memo at work today from Monster, promising a job where I could earn big bucks working for "European" companies needing Americans to process their sales. I thought it was weird; why would Monster email me with job opportunities?
jr @ 23:
Yep. My wife's wallet was stolen from her place of work in 2004. It's one thing to have to deal with following up with the companies that don't get payment from a stolen check that bounced, but it's a pain in the ass when a company calls you and insists that you pay them the $500 for that check, even after you have sent, and they have received, a police report detailing and proving the theft, and then they tell you that it seems you'd rather pay the $500 and avoid embarrassment by being hauled into court.
I think that victims of identity theft should be able to sue the idiots at retailers who take a check, or accept a credit or debit card, without checking a photo ID. It should be a national law for all retailers to check ID when possible, when conducting face-to-face business.
What's the difference? I never got anything but spam from monster.com anyway.
ID databank thefts of last few years may have more to do with the GOP stealing votes than anyone stealing money.
maybe it would be useful for someone to find out just how much money was stolen using those databases. maybe very little. but wait till the elections.
This is just Total Information Analysis at work. Nothing to see here. Just go about your business or they will be forced to execute each and ever one of you by gunshot to the head.
Your friendly NSA at work again.
Why don't these hackers ever do something useful like find the missing Republican emails?
Comeon @ 20:
(Flip hair and eye roll).
http://www.youtube.com/watch?v=ZowHPZG2dLc
That explains the sudden influx of job offers for sales and management positions (I'm a tech writer), with the same pitch you used to get for pyramid sales schemes. I've gotten to where I can smell a rat a mile away. They come in my mail box right next to all those scams from Nigeria that I still get (and flush).
Identity theft seems to have been a real problem lately. Lately as in about 7 years....lately since the WarPigs have been running the country. Things that make go 'hmmmmmmmmm'. They want to create a national database with REAL ID's?
When the President is corrupt, corruption spreads throughout the country. And when the USA becomes corrupt, corruption spreads throughout the world.
Login or Register to post comments.