Wow! The hits just keep coming. I just read an interesting article on the latest Monster debacle and here are the highlights:
1. Monster.com waited five days to tell its users about a security breach that resulted in the theft of confidential information from some 1.3 million job seekers.
2. Hackers launched the attack using two servers at a Web-hosting company in Ukraine and a group of personal computers that the hackers controlled after infecting them with a malicious software program known as Infostealer.Monstres.
3. Monster first learned of the problem on August 17, when investigators with Internet security company Symantec Corp told Monster it was under attack.
4. …based on Monster’s review, the information stolen was limited to names, addresses, phone numbers and email addresses, and no other details.
5. August 21, Symantec published a report on its Web site that said it had found copies of scam e-mails that the engineers of the attack were using, with the aim of getting information that was more valuable than just the names and contact details of Monster.com users.
6. It wasn’t until Wednesday, a day after Symantec issued the August 21 report, that Monster put a notice on its Web site, www.monster.com, warning users they might be the target of e-mail scams.
7. Monster also posted letters to the 1.3 million affected users on Thursday in case the users were wary of opening e-mail from the company after the breach.
8. Monster’s database has about 73 million resumes.
Again, wow! Why? Well, if they knew about the breach on August 17th, why was it not until the day after Symantec made a public disclosure that a (nearly invisible) notification was made on their website?
Sigh… but I already made a rant about that; although now I see that it should have been made 5 days prior. Shame.





Jim
What was even scarier about this is that the thieves targeted HR/Recruiters Accounts to get to this data (Employee Resumes and Files). Somehow they managed to obtain the Passwords (potentially stolen) to access the accounts.
Many may not realize, but there are two ways to input employment data into Monster – one is via a form and another is uploading a resume. The former will sometimes allow for use of a Social Security Number, though Monster does advise against this.
Since 2005 there have been 18 Security Breaches in the US not including Monster – which have compromised over 159 Million Records Containing Sensitive Personal Information.
Wow! Isn’t that just over Half the American Population?
http://www.privacyrights.org/ar/ChronDataBreaches.htm#2007