News Stay informed about the latest enterprise technology news and product updates.

Monster.com attacks: Worse than first thought

Early last week I wrote about some aggressive phishing attacks against Monster.com users in which 1.6 million bank account records had been stolen. In an interview with Reuters, Monster Worldwide Chief Executive Sal Iannuzzi suggested the damage may be far worse.

While investigating the recent theft, he says the company discovered that its Web site had been hacked in the past. Of those affected, he told Reuters, “We’re assuming it is a large number. It could easily be in the millions.”

He said Monster.com users should play it safe and just assume their information was compromised and watch out for potential fraud against them.

Of course, this should serve as a lesson to never, ever stick your most personal information into Web pages like those found on Monster.com.

Update, Aug. 31 at 11:43 a.m.: Below is a copy of a letter one of my relatives received from Monster.com in response to the attacks:

Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet. Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet. Monster
Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet.
Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet. Dear Valued Monster Customer,

Protecting the job seekers who use our website is a top priority, and we value the trust you place in Monster. Regrettably, opportunistic criminals are increasingly using the Internet for illegitimate purposes. As is the case with many companies that maintain large databases of information, Monster is from time to time subject to attempts to illegally extract information from its database.
Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet.
As you may be aware, the Monster resume database was recently the target of malicious activity that involved the illegal downloading of information such as names, addresses, phone numbers, and email addresses for some of our job seekers with resumes posted on Monster sites. Monster responded to this specific incident by conducting a comprehensive review of internal processes and procedures, notified those job seekers that their contact records had been downloaded illegally, and shut down a rogue server that was hosting these records.
Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet.
The Company has determined that this incident is not the first time Monster’s database has been the target of criminal activity. Due to the significant amount of uncertainty in determining which individual job seekers may have been impacted, Monster felt that it was in your best interest to take the precautionary steps of reaching out to you and all Monster job seekers regarding this issue. Monster believes illegally downloaded contact information may be used to lure job seekers into opening a “phishing” email that attempts to acquire financial information or lure job seekers into fraudulent financial transactions. This has been the case in similar attacks on other websites.
Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet.
We want to inform you about preventive measures you can take to protect yourself from online fraud. While no company can completely prevent unauthorized access to data, we believe that by reaching out to job seekers like you, the Company can help users better defend themselves against those who have attacked Monster as well as other databases.
Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet.
We are committed to maintaining an ongoing dialogue with all of our job seekers about Internet security and the steps Monster is taking to protect its job seekers. The Company has placed a security alert on Monster sites offering information to educate you about online fraud. This information can be found at http://help.monster.com/besafe/. We have also included information on Internet safety and examples of fraudulent “phishing” emails at the bottom of this letter.
Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet.
Monster has launched a series of initiatives to enhance and to protect the information you have entrusted to us. Some of these steps are being immediately implemented, while others will be put into place as appropriate.
Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet.
We believe these actions are the responsible steps to protect the trust you place in Monster. We are also working with Monster’s hundreds of thousands of employer customers to ensure a safe and effective online job search. We will continue to share information with you about the enhancements we are making as we serve as your online career resource partner. We invite you to keep reading to learn more about how to use the Internet safely.
Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet.
Sincerely,

Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet. Signature
Sal Iannuzzi
Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet.
Chairman and CEO
Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet.
Monster Worldwide

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

"Of course, this should serve as a lesson to never, ever stick your most personal information into Web pages like those found on Monster.com." How is one to conduct business in this day and time when personal information is increasingly required? Even if you are a luddite and use little or no technology the risks of identity theft and fraud are fairly high. Monster.com was irresponsible to begin with and was either too inept or naive to have such lapses in security. I don't think they really gave a damn and couldn't have cared less.
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close