Monster.com was hacked and over one million records exploited
I wonder how this news will affect how often job seekers use job boards? Will they simply use an alias and a disposable email address to protect themselves (as I often suggest), or will they avoid job boards like the plague? Time will tell.
-snip-snip-
A recently disclosed fraud involving hundreds of thousands of people on the Monster.com jobs website reveals the perils of leaving detailed personal information online, security analysts say.
Before the scheme was uncovered last week by researchers at Symantec, con artists had filched legitimate user names and passwords from recruiters who search for job candidates on Monster. Then with access into the Monster system, the hackers grabbed resumes and used information on those documents to craft personalized “phishing” e-mails to job seekers.
“What phishers are trying to do these days is make them as realistic as possible, by adding specific information,” said Patrick Martin, a Symantec product manager. “If they know you’ve submitted a resume to Monster, that makes it (seem) a little more legitimate.”
If the recipients took the bait, they had spyware or other malicious programs secretly installed on their computers. But even if the phishing attempt wasn’t successful, the names, addresses and other details on the resumes can themselves be lucrative.
A server in the Ukraine used in the scheme held 1.6 million entries. Because of duplications, Symantec said those files actually held personal information for “several hundred thousand” job seekers. Another anti-virus firm, Authentium Inc., said it parsed the same data and counted 1.2 million people.
Symantec said it relayed details to Monster.com so it could disable the compromised recruiter accounts. But the security company also advised Web users to limit their exposure to such frauds by reducing the amount of personal information they post on the Internet.
READ: Phishing attack plunders Monster.com
If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Comments
I stopped using monster a while back for many of the same reasons I’ve read online. Way too many sponsor ads and “make money from home” jobs. Monster hacking doesn’t surprise me. I still have an old resume there but previous searches haven proven useless; Monster is reference tool only. However, career and job sites do have a necessity. The sad thing is that money is the main focus point and in this way of thinking businesses lose potential customers because they put profit before useful information. I’m working to change that line of thinking. America and the world as a whole needs intelligent innovative new blood business people; but it doesn’t need people who only do it for the money. Monster.com has become a “we only want to make a profit” site and I don’t believe they have figured that out yet.
Nice post…i agree…i think it is about time that more employers withdraw support from Monster, just like jobseekers seem to be doing. I posted the same thing on my blog too.
best~GL Hoffman