bit-tech.net

Monster.com waits 5 days to tell of breach

Monster.com waits 5 days to tell of breach

I wonder if I was one of the 1.3 million Monster.com users affected by the security breach.

Near the end of last week, Monster.com was informed by Symantec Corp that its server had been attacked by hackers.

The hackers launched the attack from two servers located in the Ukraine and a network of computers that had been infected with Infostealer.Monstres using credentials stolen from one of the website's clients to gain access to the password-protected resume library that contains personal information of over 1.3 million job seekers.

It took five days from the initial attack for Monster to inform its user base of the incident. An entire day after Symantec had published a report on its website.

Patrick Manzo, vice president of compliance and fraud prevention for Monster said that only names, addresses, phone numbers, and email addresses were stolen from the company but Symantec claims that was only part of what the hackers intended.

In the report issued by Symantec, apparently scam emails were uncovered that were designed to get even more information from the users. The contact information stolen from the servers was used to help make the scam emails more trustworthy so that the hackers could obtain more valuable information such as bank account numbers.

"It gives these spam e-mails just a little bit of credibility," said Patrick Martin, a senior product manager with Symantec's response team in Austin, Texas. "These guys were trying to get financial information from people."

Fewer then 5,000 of the 1.3 million people affected are based outside the United States.

Monster has said that it has posted letters to all those affected just in case they were weary of opening up any emails from the company.

With the security breaches at large corporations and lost/stolen laptops from government agencies, are you ever the more careful about where you post your personal data? What steps do you take to help safeguard yourself from identity fraud? Let us know in the comments section below or over in the forums.

4 Comments

Discuss in the forums Reply
naokaji 24th August 2007, 16:09 Quote
makes me glad that i removed my cv form monster asap after finding a job....


5 days? thats just f***** up.....
Mankz 24th August 2007, 16:09 Quote
Looks like someone tried to cover it up.
Rebourne 25th August 2007, 06:48 Quote
That's a lot of dangerous information to be stolen. Seems like something the users should be compensated for. I'm really glad I don't use their site.
bilbothebaggins 27th August 2007, 10:10 Quote
Quote:
What steps do you take to help safeguard yourself from identity fraud?
Seriously - what steps can you really take?
With all the govs collecting and crosslinking these huge amount of data of all their citizens in the name of so called "security" and whatnot.
Just is a matter of time until someone there (or in some bank or credit card company) messes up, and then what? It's not as if we have any choice there.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums