bit-tech.net

Crackers steal Monster.com database

Crackers steal Monster.com database

Users of Monster.com are advised to change their passwords after crackers managed to access the backend database system illicitly.

In what must feel like a final kick in the teeth for the recently redundant, job site Monster.com is warning users that crackers have breached their servers and made off with personal data.

According to an article on BetaNews, the company has been breached by persons unknown with databases containing details of its customers – including names, user details, passwords, e-mail addresses, physical addresses, telephone numbers, and what the company described as “some basic demographic data” – being purloined for purposes perverted.

A note on the site dated January 23rd explains that the company “recently learned [that] our database was illegally access and certain contact and account data were taken” but assures users that “sensitive data such as social security numbers or personal financial data” was not included in the breach. Monster.com has also ascertained – although it isn't clear how – that so far the digital thieves have not made use of the data, and has vowed to “continually [monitor] for any illicit use of information in our database.

The company is advising those affected by the breach – which is everyone with a user account on the Monster.com site or the US-based USAJobs.gov site – to change their password immediately.

This isn't the first such attack the company has suffered: in August 2007 crackers nabbed around 1.3 million account details which were later used to target phishing attacks in an attempt to gain financial data, and towards the end of 2007 ne'er-do-wells were able to plant malware download triggers on certain pages on the site.

Any Monster.com users here worried at the thought of their personal data going walkies in these times of financial trouble, or is the limited data kept by the company not worth anything anyway? Share your thoughts over in the forums.

5 Comments

Discuss in the forums Reply
TomH 27th January 2009, 12:48 Quote
URGENT: Senior Security Engineer required
Excellent rate of pay,
Immediate start,
Apply to: Monster.com

Actually saw this on Slashdot, and although it's the only mention of unencrypted passwords that I can see, if it's true then it's more than likely just absolute stupidity on their behalf.

What's worse is that they're not telling users that their favourite 'used for everything' password is now linked to their 'use for everything e-mail' in some black market database.
Atomic 27th January 2009, 15:03 Quote
I'm just happy I use a different password for each site I use now.

I am shocked that they don't encrypt the passwords though, that seems like a complete lack of basic security.
LeMaltor 27th January 2009, 16:31 Quote
CV taken off and personal data changed, thanks for the heads up :S
E7130 27th January 2009, 17:30 Quote
So, is this going to become a tradition at Monster.com? I can see them loosing money on this; who wants to do business with a company that can't provide better information security? They have a poor site anyways and should fire the people that are supposed to be actively monitoring this stuff.
B3CK 27th January 2009, 18:04 Quote
Quote:
Originally Posted by
With the economy the way it is, I can see the Nare'do wells targeting more of the job sites in the future.
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums