Monster.com break-in leaves millions of users compromised
28 Jan 2009
Monster.com, the popular job web site disclosed Friday that hackers had gained access to its database for the second time in six months. According to a statement issued by senior vice president Patrick Manzo, the company had learned that their database had been illegally accessed and certain contact and account data had been stolen.
He said that the hackers had stolen user names, passwords, telephone numbers and e-mail addresses. He added that demographic data, birth dates, gender and ethnicity had also been stolen and added that CVs had not been accessed.
The statement also cautioned users to be on the look-out for phishing e-mails built on the details that were shared with Monster.
The statement went on to say that users will never get unsolicited e-mails asking for username and password confirmation. Additionally it said that Monster will never ask users to download any software tool or access agreement in order to use their Monster accounts.
Though Monster has not given exact numbers of users whose personal data might have been compromised, analysts believe the figure might be in millions across many nations.
The company has also adviced users to change their log-in details.
Company spokeswoman Nikki Richardson said that a criminal investigation has been initiated, but refused to comment on a press report that put the number of users whose data had been compromised at 4.5 million users in Britain. She pointed out that the hackers had not stolen social security numbers, resumes or customer transaction data.
According to security and privacy experts, the incident has left users of the site particularly vulnerable as access to information can be gained by typing user ID and password. They say crooks ''hoover up'' such details and then correlate it with other information stolen elsewhere. They then use the information to hijack bank accounts, break into company systems and pull off other scams.
A data thief could enter a stolen user ID and password to gain access and then change the password and thus obtain permanent access to the account they point out. Considering the fact that many users may not be active, this leaves a potential for many accounts to be compromised, they say.
In August 2007, the web site's data-base was hit by a virus that siphoned off more than 1.6 million records of US based customers. A Russian gang called Phreak had been identified as being responsible for the virus. It was found to be selling the data to fraudsters.
