Millions of jobseeker details stolen in Monster hack
By Asavin Wattanajantra,
Job recruitment website Monster has been hacked, with details from the 4.5 million users of Monster.co.uk stolen.
Contact and account details were lost, including user IDs, passwords, email addresses, names, phone numbers, and basic demographic data. Fortunately, the breach did not include sensitive details like social security numbers or personal financial data.
Upon learning of the theft, Monster initiated an investigation and took active steps to correct the problem with the help of law enforcement. So far, the company claimed that it has not seen any misuse of the stolen information.
However, Monster users may soon be required to change their passwords upon logging onto the site, and it was also recommended that they proactively changed it in the meantime.
Monster decided not to send email notifications to avoid the risk that the messages would be used a template for phishing emails targeting job seekers. It warned users not to accept unsolicited emails asking for a Monster username and password.
Security experts have said that users should be aware that the information taken from Monster alone was not enough to attack bank accounts, but that it was nevertheless a very worrying breach of security.
Jay Heiser, Gartner research vice president, said: “It is the case that the criminal community is hoovering up large amounts of personal info and correlating it, functioning as some sort of underground information bureau."
He added: “The fact that most people do use the same password on multiple sites means it is possible for that password information from Monster to be available to attackers, along with information from other sources, to attack bank accounts."
He also said that users should never assume that a Software as a Service (SaaS) offering was safe, unless they were given evidence that it was. He said that consumers had no way of knowing how safe a site was, and shouldn’t put anything on it that would harm them if it was stolen.
Heiser also said that this should serve as a warning to businesses. He said: “If what you do involves information that you can’t afford to lose, or you don’t want stolen, then you need to be given evidence by the service provider that they are taking security into account.”
You may also like...
You may also like...
advertisement
Latest Security Features
The trials and tribulations of social networking
As a business, you may be examining how to take advantage of social networking sites. Before you leap into the fray, take heed of the mistakes others have made before you.
- NO2ID on fighting the database state
- Building a better password
- Q&A: George Kurtz, CTO, McAfee
- Is mobile malware really a risk?
- Fear and loathing in the Mariposa aftermath
- Public vs private: Which cloud is best for business?
- Q&A: Gerhard Eschelbeck, chief technology officer at Webroot
- How the Digital Economy Act will affect your business
- Cyber war: Modern warfare 2.0
Latest Security Reviews
Kaspersky Internet Security 2011 review
Rating: 
- G Data Software EndpointProtection Business review
- eSoft InstaGate 806 review
- M86 Security Secure Web Gateway 5000 review
- Google Maps Navigation review
- Netgear ProSecure UTM10 review
- ZoneAlarm DataLock review
- SmoothWall Guardian SWG-1208 review
- Symantec Backup Exec 2010 review
- WatchGuard XCS-770 review
advertisement
Most popular
- Government calls mobile broadband spectrum auction
- Sony Ericsson Xperia X10 Mini Pro review
- UK web guru handed key to the internet?
- Samsung Galaxy S review
- 100 million Facebook user info scraped
- HTC Hero to finally get Android 2.1 update
- Top 10 remote desktop applications
- Amazon sets UK Kindle launch date
- Head to Head: Office 2010 vs Open Office 3.1
- Top 10 future trends for mobile phones
Latest News Videos in Security
Video: Why security is everybody's responsibility
PlayRik Ferguson, senior security advisor at Trend Micro says it's up to all of us to make security work.
Whitepapers
Want more background on today's hottest IT trends?
Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Gary Gemmell
Worse than it sounds as many people use the same usernames and passwords in their internet banking and other financial sites. Alos 4.5 million not billion as on the content page - gave me quite a shock that did!!!
By gazomen on Tuesday Feb 3
Security in Online Recruitment
This is precisely why high-value job-seekers in management, finance, IT, etc., are increasingly going to high-end niche sites like http://www.qualifind.co.uk where security is much more comprehensive. These kind of sites, as a rule, are not only built from highly secure non-mainstream technologies, but allow candidates full control over their data, including full irrevocable delete.
By davidvr on Monday Jun 21