Second attack on Monster website discovered
By Rene Millman,
The attack on job website Monster.com has left more than 1.3 million users of the site open to identity theft. Monster's chief executive admitted that a second hack of the site went unnoticed.
Sal Iannuzzi said that further investigations by the company unearthed the second hit and said that the company had no idea how much information had been taken during the cyber onslaught or how many times the database had been accessed by criminals.
"We are assuming that it is a large number," he told Reuters. "It could easily be in the millions."
The company is promising to invest £40 to £50 million in traffic monitoring equipment to detect such breaches, but admitted that the website may never be safe.
"I want to be clear and I want to be frank: there is no guaranteed fix," Iannuzzi said. "I wish I could say there will be absolutely no way that the Monster site can be compromised. I cannot ever make that promise, and no internet company can."
While the information stolen from the site can't be used to siphon off money from victims it can be used in social engineering scams in order to get such sensitive financial information directly from the victim.
There have already been cases reported on the internet of phishing gangs sending out emails pretending to be recruitment companies asking for bank details within fake job application forms. The false emails also harbour malware designed to compromise a victim's computer and turn it into part of a botnet.
As reported by IT PRO, Monster had known about the attack five days before it went public with the breach. Around 73 million CVs are held on the website's database, but Iannuzzi claimed that only a handful of accounts were cancelled by users and employers.
advertisement
Latest Security Features
Lessons to learn from a year of data breaches
In the year since the HMRC data breach, many more have been made public – here’s a roundup of 11 lessons (we should have) learned.
- Q&A: DNS inventor Paul Mockapetris
- Is the password ill-equipped for the modern world?
- Why is backing up given short shrift?
- Defending Europe against cyber attack
- The present and future of IT security
- I’m an IT manager, get me out of here!
- IT around the world: Russia
- Chinese web control an Olympic challenge for tech firms
- SOS Bletchley Park
Latest Security Reviews
Fortinet FortiGate-3810A
Rating: ![]()
- Clearswift MIMEsweeper Web Appliance ENW
- NetASQ U6000 UTM appliance
- AVG Internet Security SBS Edition 8.0
- Finjan Vital Security Web Appliance NG-6000S
- LogLogic MX2010
- Exclusive: WatchGuard Firebox Core X750e
- Sophos ES4000 Security Appliance
- Microsoft Forefront Security for Exchange and SharePoint
- EXCLUSIVE: Juniper Networks SSG 550 UTM appliance
advertisement
Latest News Videos in Security
Video: Q&A with Richard Archdeacon, Symantec
IT PRO speaks to Richard Archdeacon, director, global services, at the information security software vendor Symantec.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.



Social Bookmark this article: What is this?