Monster.com Attacked, User Data Stolen
Placid writes "The BBC has an article detailing a successful attack on the US recruitment site, Monster.com. According to the article, 'A computer program was used to access the employers' section of the website using stolen log-in credentials' and that the stolen details were 'uploaded to a remote web server'. Apparently, this remote server 'held over 1.6 million entries with personal information belonging to several hundred thousands of candidates, mainly based in the US, who had posted their resumes to the Monster.com website'. The article also links the break-in to a phishing e-mail sent out recently where personal details were used to entice users to download a 'Monster Job Seeker Tool.'"
i smell a lawsuit
If you mod me down, I will become more powerful than you can imagine....
Wanted:
New sysadmin. Must have experience in data security. Submit resume to adminjob@monster.com
I like the BBC headline better.
You know, every time I get an email telling me my Bank of America account is going to be frozen, and should go to http://myaccounts-bankofamerica.net/ I always ask myself "Who actually falls for this stuff?". Now, I know. The people I look to for jobs. /cheer
Doing the needful.
now hundreds of millions will be able to see my resume, instead of the usual tens of millions!
-Yourmomisfasterthanabeowulfcluster
Luckily.......I followed Slashdot's ad to Dice
Who actually wants this data? Many will think it's just some Russian hacker, but this doesn't feel right to me. I wouldn't be surprised if it's a government agency collecting data the easy way.
Symantec's explanation
The trojan (Called Infostealer.Monstres) seems to be using HR login details (possibly stolen) to access hiring.monster.com and recruiter.monster.com sub-domains and download candidate information. It also seems to be similar to a previously known trojan called Trojan.Gpcoder.E
Symantec estimates that 1.6 million people (mostly from USA) have been impacted.
They have informed Monster about it
In Soviet Russia, Monster.com attacks you!
So Monster had no way of preventing some set of IP addresses from downloading over a million entries? Does that sort of thing happen a lot and they didn't think it was unusual, or what? It would just seem to me that if there were a lot of servers downloading an unusual amount of entries, there should be some way to prevent that...
Sigs are too short to say anything truly profound so read the above post instead.
what a fucker. SMAHTB
Monster and Dice are just meat markets. Relatively few people actually get jobs there, at least in IT. The real way you get a job is to know someone and have a good network of people. That's how I got my job, Monster and Dice never helped me. They're more like "cattle calls" for movie parts. Who knows, maybe Monster and Dice sell the email address lists to spammers...for the right price?
Speaking of spammers, this is for you spambot email harvesters.
M-M-M-Monster Kill (...kill...kill...kill...kill...)
What a nightmare, I'm already being flooded by dozens of job offers for adult websites development...
While the fact that employer's Monster account(s) were stolen/cracked/pilfered is sad, the article says that trojan was essentially storing search results.
That information is available anyways, as people with resumes in open access do want to be contacted so they publish the email/phone/name etc and anyone with a screen scraper can amass this pile of "personal data". There is no indication that job seeker's database was stolen.
As for phishers I had a run in with one company claiming to "hire for Google" and demanding my SSN so they could "put my data into candidate database at Google, that absolutely demands SSN as unique ID".
That was several months ago.
Hyperom.com
U Go Grl
Seriously, if even Slashdot can't use the word properly, how can we ever expect the MAFIAA to learn?
Seeking networking security professional for immediate vacancy.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
August 1st: "Monster.com lays off 15 per cent of staff" http://www.vnunet.com/vnunet/news/2195363/monster-com-lays-per-cent-staff
It makes you think if one event leads to the other...
This story has the best headline I've seen on the BBC in a long time:
Ruh-roh! Someone call the Scooby Gang!
There would have been dozens of comments which insult the submitter for the bombastic title.
Patents Drive Free Software as Hurricanes Drive Construction Industry
Always telling me about the importance of accurately listing my skills and former employment, without exaggeration.
But my resume is full of lies.
The person described in it is nothing like me!
ha, suck it phishers!
This could be used in job scams. Be wary of job offers coming in from Monster. Always get a phone number from the phone book and ring them back to verify.
If you mod me down, I will become more powerful than you can imagine....
Nice bonus is trying to find a link on their website where you can contact a real human. Or contact anyone. They seem to assume that anyone who wishes to contact them is either a job seeker or job poster. I don't think this is an oversight. I do think the staff at monster.com don't want to be conversed with in any way. Slimy.
I removed my "profile" years ago, but somehow they still persist in contacting me. Obviously, it's a one-way thing; I couldn't possibly email a real human there. Because if they *really* wanted to talk to me, I'd ask them to remove all my info and leave me the fuck alone.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
Errrr.... no.
The program used stolen login credentials so linux and any other os would have thought the trojan was a valid user...
--- Users are like bacteria -> Each one causing a thousand tiny crises until the host finally gives up and dies.
Have a look at soylentnews.org for a different view
Are you out of your mind?
They specifically state it's a US site because it's a British article.
You're dumb.
Linux Zealots: Smarter than Mac Zealots, but still zealots.
Well, I am not interested in stupid employees or stupid employers who fall for this kind of scam anyway.
It could have been done over weeks or months, some time ago. This story doesn't say. I have had no notice from Monster about the breach in security, yet. Good thing I'm already in the middle of a round of interviews with a great company this week, for which I submitted a resume directly. I look forward to being able to delete my resumes and other information from Monster very soon.
Get off my launchpad!
I know my boss is a sadistic, slave driving control maniac, but this!
Capitalism is the Opium of the Masses; Customer is King is the slogan.
Upon reflection, I agree with you. It's not the admin's fault -- once it was in the admin's domain, it was already too late. IMO, this breach happened due to a design shortcoming, not a programming error. Let me explain: Any serious company with an internet presence should be asking "When a loss of an external user account/password occurs, what's the maximum damage that can occur? What can we do to minimize the impact?" Frankly, there is no reason at all that one user account (or even dozens) should be able to download 1.6 MILLION (!!) resumes. That's an incredible number!
I'm shocked to think Monster doesn't have a limit on the # of resumes an account is able to d/l per some time period (week/month/quarter). I don't know what that number is, but I'm thinking closer to "100" than "1.6 million". And didn't they run some cumulative activity reports once in a while to learn which accounts are the most active? And to what IPs the requests are being served? At the least, you'll know who your biggest customers are (or at least the ones who are taxing your servers) and where the data is going. At best, you'll spot problems like this breach as it is happening and stop it.
So if someone must be sacrificed, line up the data security officers and a project manager or two. It's their job to be asking these questions and ensure they are compliant.
Then again, hindsight is 20/20. Maybe the best thing that occurs from all this is we, on the sidelines, learn from their mistakes.
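The two controls the comment above asks for, a per-account cap on resume downloads per time period and a cumulative activity report by account and client IP, sketched as an added example (not part of the original post and not Monster's code). The log format, account names, addresses and the limit of 5 per hour are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class DownloadQuota:
    """Rolling-window cap on distinct resumes served to one account."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self._events = defaultdict(deque)  # account -> deque of (ts, resume_id)

    def allow(self, account, resume_id, ts):
        q = self._events[account]
        cutoff = ts - self.window
        while q and q[0][0] <= cutoff:      # drop events that left the window
            q.popleft()
        if any(r == resume_id for _, r in q):
            return True                     # re-viewing costs no extra quota
        if len(q) >= self.limit:
            return False                    # cap reached: refuse and flag
        q.append((ts, resume_id))
        return True


def build_sample_log():
    """Constructed sample lines: 'ISO-timestamp account client_ip resume_id'."""
    lines = [
        "2007-08-01T09:00:00 recruiter_a 198.51.100.7 r1001",
        "2007-08-01T11:30:00 recruiter_a 198.51.100.7 r1002",
        "2007-08-01T11:31:00 recruiter_a 198.51.100.7 r1002",  # repeat view
        "2007-08-01T15:10:00 recruiter_a 198.51.100.7 r1003",
    ]
    # Hypothetical compromised account: 12 resumes in 12 minutes from 3 IPs.
    ips = ["203.0.113.5", "203.0.113.77", "192.0.2.41"]
    for i in range(12):
        lines.append(
            f"2007-08-01T03:{i:02d}:00 stolen_acct {ips[i % 3]} r{2000 + i}"
        )
    return sorted(lines)  # ISO timestamps sort chronologically as strings


def replay(lines, quota):
    """Run log lines through the quota and collect per-account totals."""
    stats = defaultdict(lambda: {"served": 0, "denied": 0, "ips": set()})
    for line in lines:
        ts_text, account, ip, resume_id = line.split()
        ts = datetime.fromisoformat(ts_text)
        entry = stats[account]
        entry["ips"].add(ip)
        if quota.allow(account, resume_id, ts):
            entry["served"] += 1
        else:
            entry["denied"] += 1
    return stats


def activity_report(stats):
    """Most active accounts first: (account, served, denied, distinct_ips)."""
    rows = [
        (acct, s["served"], s["denied"], len(s["ips"]))
        for acct, s in stats.items()
    ]
    return sorted(rows, key=lambda r: r[1] + r[2], reverse=True)


if __name__ == "__main__":
    quota = DownloadQuota(limit=5, window=timedelta(hours=1))
    for row in activity_report(replay(build_sample_log(), quota)):
        print("%-12s served=%d denied=%d ips=%d" % row)
```

A cap like this bounds what one stolen login can pull; the report is what surfaces an account whose requests come from several addresses or keep hitting the limit.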
We'll stop calling websites for the USA "US Websites" when you stop butchering our language. The word you were looking for is "anti-American"
Also, if you check your history then Europe created the public WWW (with the CERN site in France/Switzerland) and it was a Brit, Tim Berners-Lee, who first developed HTML and worked on the original HTTP specification (Wikipedia references).
Here in India too, Monster runs a portal (monsterindia.com). The site is full of holes. I had informed them of the problems by email recently, and all they did was respond with a "thank you". That was more than a month ago; the holes are still there.
Some examples:
1. An attacker can create a profile/resume with embedded scripts that will steal a profile viewer's cookies and post to a remote server (XSS). This way, one may steal "employers" details.
2. An attacker can post a job with embedded scripts that can steal a job seeker's details.
3. There also are more severe holes that have a bigger impact.
No, he had it correct. When you tend to identify, with the shorthand "US * site", those web sites either based in, or of particular interest to the citizens/residents of, the United States of America in order to differentiate them from others, you are showing an "un-American" bias to take into consideration a global audience. The OP, blithering idiot that he is, shows a completely "American" bias to denigrate, or at least ignore, the global audience and the accomplishments of those outside "America".
I quoted "American", BTW, since the USofA is only one of many countries in the American continents and "USA" could just as easily refer, for example, to the "Union of South Africa".
I received many of these emails that my access would be denied to Monster unless I installed the app. Yeah right, like I'm an idiot. Let's install some unknown crap on my PCs... I wanted to forward the emails to Monster's fraud unit but never could find any address on their site to email them to. I looked a long time too, I mean a loooooong time. Nothing but useless FAQ's. If they published a fraud address to forward them to for investigation it might have stopped a lot sooner. I get phishing emails all of the time for Ebay / Paypal on my domains and forward them. They respond (probably automated) but at least they find out in a timely fashion. Monster seems to be pretty lame security wise. Makes you wonder if their security folks have won any Irish lotteries or helped out that poor Nigerian woman collect her millions?
It's called division of power. Don't allow any one person the power to perform such a hack, and it raises the bar a lot.
If you mod me down, I will become more powerful than you can imagine....
Your language? Get over yourself. Did I miss the memo where the English who migrated to America suddenly lost their "magical English essence" which apparently comes from being on the soil where the language originally evolved? Kind of like how my sister is more closely genetically related to my parents because she still lives closer to them?
Both Brits and Americans speak descendants of earlier forms of English. Nobody speaks the English which was spoken when America was colonized. A language belongs to all its native speakers. By any sane measure there are at least 3 times as many native speakers of the various American descendants of early Modern English (the English of Shakespeare's era) as there are of the various British descendants of early Modern English. So, democratically speaking....
I swear, Brits attacking Americans for perceived arrogance (such as claiming the Internet is purely American) and then turning around and claiming English belongs to them are priceless.
P.S. The Angles, Jutes, and Saxons called from Germany and they ask that you Brits kindly stop butchering their language.
San Francisco values: compassion, tolerance, respect, intelligence
Maybe now we will know why Kerry forgot Poland...
I know this will get modded down but...
>thousands of minutes of erotic movies
TIP: say hundreds of *hours*. Saying minutes really implies your target audience don't umm, last very long IYSWIM. Not good marketing to insult them up front.
I want a list of atrocities done in your name - Recoil
And the WWW was originally designed by that well known Briton who was living in France and working in Switzerland...
Besides, the article is written from the POV of the British reader, being as it's on a British news site and it was necessary to distinguish it from the UK portal.
Not everyone lives in the US you know...
The Dutch bank was attacked by the 'man in the browser' type of trojan, which cached the output from the challenge-response between user and bank. This bank by default performs two challenge-response sequences:
1) when logging in
2) when confirming a transaction
A third is performed when transferring large amounts of money.
Apparently, the trojan told the customer the first attempt had failed (while in the background preparing a transaction, which could be verified by the bank, because the client was so kind as to re-authenticate (this time to the transaction challenge, while they were still thinking it was the login challenge)).
Here's the story (in Dutch, hurrah)
http://tweakers.net/nieuws/48895/Virus-ontfutselt-geld-van-klanten-ABN-Amro-update.html
/steven - "Sleep is a totally inadequate substitute for coffee."
It's true I tell you, feller at work's next door neighbour read it in the paper.
:-) Now that's the kind of contribution from a Brit which I love: classic British irony. Nicely done.
San Francisco values: compassion, tolerance, respect, intelligence
If you take a look at the history of the English lingo, it was easily recognisable as far back as the 14th century, and discernible all the way back until 900 AD if you really don't mind squinting.
My point is that essentially, US English really isn't much of a shift at all away from English English, which is why many Brits will say that "it's our language". Personally though, I don't think anyone 'owns' a language, but recognition of origin is always nice.
And yes, English language is more or less the same as it was when the US was colonised. Things have changed for sure, but if it's variations you're looking for, you need not look any further than the UK itself - every major city has a variation of English far more extreme than US English will probably ever be.
throw new NoSignatureException();
Nothing. Absolutely nothing.
The story's all over the media and the internet, Symantec has a blog post and a virus writeup, and what's on the front page of Monster? Not a damn thing. No "your personal info may have been stolen", "hey, yeah, that data breach thing, we're looking into it", no acknowledgement of any kind. Their press page contains bulletins about the Monster Employment Index and their top ten workplace etiquette tips. Looks like we're going to see another good example of how not to handle negative press related to a security issue.
There is a spellbook here; eat it? [ynq]
Is it strange that I trust the thieves with my data more than Monster.com?
The sort of anti-spider technology you describe was in place years ago and likely still is; think of the trade value of Monster's data. Now, instead of the traditional overly active account from an identifiable netblock imagine someone using their own zombie network to scrape a single resume/job/data an hour from across a few thousand machines. Wild speculation on my behalf but it's easy to fly under the radar if you try. (There are probably plenty of people competent enough to avoid common active countermeasures, story at eleven.)
Everyone knows that. I never met a single person ever who ever got a job through monster. Or even got a callback. I doubt 1% of the listings on Monster are real.
I'm betting this stuff is espionage to get private data on Americans. At work we have been inundated with "greeting card" phishing over the last six months. The retards running our IT department seem helpless to stop it. I tried whining about it and got blown off. We're talking a top defense contractor here.
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
As a recruiter I regularly look at several hundred CVs off Monster in a day, and part of the payment plan is x ads per month and unlimited CV search. If they limit it they will have to reduce prices or lose subscribers. Remember it's us that pay, not the candidates.
That is also why we have no remote access to the office network and it all lives behind a CentOS server. We want some other agency to be an easier target for ID theft than us. In the UK we have to keep records of all candidates for 1 year after we last deal with them by agency law, so the big agencies probably have similar numbers of records to the job boards floating around their systems.
I've been using Monster.com since it was a gopher site called "occ". These days, I keep a resume on that site as a matter of course (which needs to be updated).
Besides job hunting, it's also an excellent tool for getting a feel for what the market is like in a given industry center. Today, for example, I'm pretty happy with my present gig, but I still keep a resume on Monster.
A goal is a dream with a deadline
That's one way to get my resume out there!
Nothing to see here. Move along.
I think the name kind of gives you a clue here ... 'English' as in 'the language of the people of England' (or more specifically 'the language of the King/Queen of England'*).
It is sort of like an open source project. When you break away from the group and establish your own project, you lose the modification rights over the original code base. If you want to take the basis of the language and evolve a new fork, called say 'American', then go for it.
* Yes, the Scots, Welsh and Irish have their own distinct languages too, but history says that the King who won was the King of England**.
** This was not necessarily a GoodThing(TM).
And that's just in the last year alone. My former employer had a security breach last year; the university I graduated from had been compromised; and the incompetent state government lost a tape. My father and sister received letters from the state confirming this, but I haven't (yet.) Now just what I needed was a FOURTH avenue of attack, and yet I am one of the most careful (some may even say paranoid) people you'd ever meet. (I never trust the Internet for on-line transactions, seldom ever touch credit cards, etc.)
And my confirm-I'm-not-a-script image is "shreds," which is precisely what I do to unwanted snail-mail. I am getting sick of these breaches!
Didn't Monster just fire a lot of people? I'm guessing they let someone go who has access rights that weren't revoked (or happened to know someone's login info who wasn't fired) and that person decided to 'get back'.
'the language of the King/Queen of England'*).
You mean French?
I laughed at the weak who considered themselves good because they lacked claws.
Just let them try and use the info in my resume - da bastards! See what happens when all my resume padding bites them in the behind.
Why, no one will believe it's actually me with the BS I skillfully weaved in that baby. Take that you dastardly hackers!
Oh... wait... maybe that's why I haven't gotten any phone calls yet.... damn.
Sigh. More cluelessness. I feel like a Biologist talking to a roomful of creationists. By your logic ("it is what you call it") all the Native-Americans should be citizens of India, right? And Amerigo Vespucci is the... I dunno, inventor of America?
Look if you guys want to jump into the debate, at least read the points I'm making in the other posts, and maybe read up on the relevant fields of Linguistics.
I'm obviously not getting through to anyone, which I should be used to by now.... everyone thinks they're an expert on Language. Maybe another Linguist wants to take it up; I'm done here.
San Francisco values: compassion, tolerance, respect, intelligence
Slashdot: Helping those who sell porn to have better ads...Stuff that matters!
There are two types of people in the world: Those who crave closure
I hate Monster. Nothing ever works there. All the forms to fill out are always broken to hell. It's fun having to answer questions on forms when the part of the text that tells you what the question is about is cut off. It's always a treat when something I want to apply for can only be done through Monster and I have to deal with a page full of script errors and missing text, or that won't accept Canadian data on a Canadian form because it's not valid US data. It's even better that it will only allow you to give an answer with numbers, where it's out of context. Binary must be in this year.
Just about the only thing that works correctly is the offer to join the Columbia House DVD club every 3 times a page loads.
So it's nice to hear they got fucked up the ass. May your bleeding asshole be front page news.
here's what I found..
http://help.monster.com/besafe/
I don't know if what they are talking about is related to this or a separate problem however.
A goal is a dream with a deadline
As someone else mentioned, it's "our" language because it's English. "Your" language is American. American is a derivative of English that branched off with colonisation, while 'modern' English is the continuation of older English that has remained in England.
;)
;)
If you want to be picky then we speak British English, but people don't tend to say "he speaks British" whereas they do say "he speaks American" for American English.
I think you did miss the memo, though. Anyone who emigrated to America became (eventually) American. Yes they have English/British heritage, but they're still American.
As for the Angles, Saxons and Jutes, that's apples and oranges. We developed their language and it gained a different name. Americans speak American and often insist on just calling it English (like the amount of times I've seen games install as "English" then use "color"). Not quite the same situation
From that definition then IMO you'd be showing an international or non-American PoV, but not an "un-American bias". Bias implies some form of degradation or improvement in opinion based on a PoV. PoV is just the point of view with regards who "you" are and what's local (and for the BBC then British is local) with no particular changed opinion.
My original suggestion of "anti-American" was because the OP seemed to be saying that it was some form of racial bias that we were specifically picking out the Americans as if they were different when they were a large proportion of the Internet.
Does this mean monster may be offering ID Theft Protection for 1.6 million people? Hasn't it been the case with previous data theft cases like this that the company provides ID monitoring or protection like in Ohio?
Launch every sig.
Actually, I used to work at Monster and they were very strict about this. They had several levels of spidering detection and prevention, both at the data level and iis request level. I'm curious how this bypassed those throttles.
This is just one out of many issues of malicious persons using job posting websites to harvest data for their scams. It's a shame job posting websites don't work. They could potentially provide a very valuable service, especially to those who currently have a job but are looking for a new one. Unfortunately, they also provide the perfect environment for phishing attacks. I received the email this article talks about. Lucky for me I wasn't desperate for a job at the moment and decided installing this program sounded risky. Had I been out of work for a few months I might have not thought as clearly. I would also like to point out that monster.com seems to take more precautions than other job posting websites, namely careerbuilder.com. I posted my resume on careerbuilder and have regretted it ever since. Only two postings are on the entire site: "get paid to take surveys" and "join the national guard" and have opened my email account to a flood of spam. In my personal experience the best way to find a job is to visit a career fair at a local college or university.
None of us are Anti-American. What has the continent of America done wrong? We are anti-USian, as the US is the only country to bomb others for a simple disagreement.
If you want your intarweb, go ahead and keep it. While the rest of the world moves on with a better Internet and buries you USians in the dust. You will not be able to export as we, the rest of the world, will eventually not purchase any of your exports. Oh wait, you don't export anything of any value. What you do export is information and information wants to be free. So by burying yourselves in huge deficits you will eventually be in a permanent depression and suffer a total economic collapse while the rest of the world will flourish without imperial US trying to take over the world.
Signed
---The Rest of the World
Because Monster sure hasn't helped me get a good job yet.
Maybe the best thing that occurs from all this is we, on the sidelines, learn from their mistakes.
I'd love to, but then I'd actually have to RTFA, and I don't have time today. I have to get a copy of my birth certificate and a visa, so I can help out my new Nigerian friend with a lucrative situation.
Don't worry if you're a kleptomaniac, you can always take something for it.
Monster never did anything for me! It's probably because........
There are tons of valid employer accounts used to harvest contact information about persons seeking employment. Monster.com and CareerBuilder allow that every day because they pay for the information.
WTF does this have to do with anything? This is about Monster.com and data disclosure, not gratuitous bashing of a Linux distro. Yes, we get it, you don't like Ubuntu. If this were an article about Linux, that would be one thing, but this is not the place. Mods, please rate parent offtopic or troll, it fits either (as it regards this particular article)
"This calls for a very special blend of psychology and extreme violence" - Vyvyan "The Young Ones"
Yes, it's a bit off-topic. But it's interesting to note how "obvious" it is to make these considerations for a database, and how they were completely overlooked on a distro that's supposed to be "easy" for newcomers. People gave me crap for criticizing the design of Ubuntu, and yet here this guy gets modded up for making my EXACT SAME CRITICISM, i.e., that no one sat down and said, "okay, if X goes wrong, how bad are the consequences? What can we do to minimize that?" The failure of GRUB locks you out of getting internet help or burning CDs with that computer, both of which are the main troubleshooting tools -- I'd say that's pretty severe. And yet it all could have been avoided if I had confined Ubuntu to a secondary hard drive, which I would have done had not GRUB been arrogantly "HIGHLY RECOMMENDED".
So, don't get upset when I say Ubuntu's designers didn't follow basic software design principles.
Apology to Ubuntu forum.
Did anybody even bother to read TFA??? The victims of the attack were recruiters, not candidates. Most recruiters I've heard about, with some exceptions, aren't the most technically minded shall we say.
More interestingly, the recruiters' accounts were configured to send out emails with a bit of malware attached, which encrypted user files, such as documents. Fortunately, the encryption was fairly weak, and I hear most of the files were recovered.
I actually heard about this several weeks ago from a friend who works at an undisclosed government agency that was hit by this. I'm surprised it took this long to report.
Monster.com has historically taken a nonchalant view about abuse of their site, up to and including their own "employers" sending out bullshit spam through their relays.
It's therefore no surprise to me that something like this happened and they did nothing about it. It's not a matter of "what could they have done" it's more their ability and willingness to handle these matters.
I know a couple of people that worked at monster.com and they didn't have pleasant things to say about their organization. Maybe this slap in the face will wake them up.
But don't hold your breath. Money is money.
what makes you think that's a Brit?
:
"yeah?
yeah?
c'mon,
you wanna fight now then?
fucking wanko
I'll fuckin knock ya out!"
-that would be more like the average Brit, if you go to the UK these days.
As it has been noted - the language used in the parent comment is the root of American & Australian & British English.
I'll give you a metaphorical pound for every (living) person in the UK who ever says "tallyho, what up, old chum?"
www.tdobson.net #### Dare to Dream #### blog.tdobson.net
what makes you think that's a Brit?
The username "Bloke down the pub" and his sig; Sure it's an assumption, but I felt it was a fairly safe one. Maybe he'll correct me if it was wrong...
The way he was speaking in the quote was obviously ironic and I didn't take that to mean anything other than that he's funny.
San Francisco values: compassion, tolerance, respect, intelligence
Dude, I'm not upset because of your opinions on Ubuntu. I could not care less about what you think of Ubuntu or GRUB. What I care about is the thread-jacking. How should I put it... this is not an article about Linux, Ubuntu or GRUB. The post you are referring to is talking about design considerations from a security perspective as it regards user access. Specifically Monster.com.
Ubuntu has fuck all to do with anything in this context. You thread jacked, so either troll or off-topic is only appropriate here.
"This calls for a very special blend of psychology and extreme violence" - Vyvyan "The Young Ones"
sorry, it just....
I don't like some American stereotypes of Europeans... that's all... I should have realised Slashdot by definition is full of people who are relatively broad minded
again
apologies
www.tdobson.net #### Dare to Dream #### blog.tdobson.net
What I care about is the thread-jacking. How should I put it... this is not an article about Linux, Ubuntu or GRUB.
... then it's not so stupid of an oversight, now, is it?
Well, logically, "This isn't 'about' X, it's about Y" is an invalid argument, and in my experience, used exclusively by people who can't (or don't bother to) reconcile the contradictions in their beliefs. For example:
"You shouldn't shoot trespassers because that involves violence."
"Fighting in a war involves violence too; should no one ever be a soldier?"
"I'm not talking about soldiers, I'm talking about shooting trespassers."
Or, more Godwinesque (I forgot who said this):
"I won't let Jews in my university because a lot of them cheat."
"A lot of non-Jews cheat too."
"That's irrelevant. We're talking about Jews here."
When you appeal to a general principle as a justification, but selectively apply that principle (or not) only when it's convenient, those inconsistencies become relevant.
The OP was originally talking about how obvious, how common-sense it is to think "Okay, what's the severity of failure mode X? What can we do to mitigate X?" And how *stupid* it is not to consider such things. But then when a widely-lauded "user-friendly" Linux distro's programmers failed to do exactly this, well
Apology to Ubuntu forum.
Fuck off, troll. There are other websites you might like better, and you might be liked better there.
Why did we hear about this on the news? Why didn't Monster notify the users first?
No problem dude; that's very gracious of you :-) I get riled up by European stereotypes of Americans so I can understand ;-) After all, I'm an American who's lived in Germany for 12 years and spent a couple of years of that making regular business trips to the U.K. so I get it coming and going :-/
San Francisco values: compassion, tolerance, respect, intelligence
Excuse the A/C posting, but I feel it's warranted here.
I worked for these guys on a temp basis for about six months. There's a high turnover of temps/agency workers as well as staff in general, particularly in sales where there's a lot of competition for employees with a proven sales record.
A lot of these employees never have their own accounts on the Monster network. They are given their line manager's login/password and left to their own devices.
Just before I left the company they announced BIG layoffs.
So, high staff turnover. Lots of pissed off soon-to-be laid off employees. Widespread access to managers' accounts, with the ability to retrieve and modify data held on clients and users alike...
Is this kind of news really any wonder?
What is this "What up" of which you speak? I regularly greet my acquaintances with a cheery "What-ho, old chap" and can often be heard yelling "tallyho" as I ride off on the thrill of the hunt* in my spanking red uniform with baying hounds at heel, but never have I uttered "what up". To my finely attuned ears it almost sounds like the language of yobs with their lower-class call of "what is up".
Now, I demand you hand over a metaphorical pound so that I may deposit it in my metaphorical savings account. And no metaphorically handing it over - that would just be unsporting and definitely not cricket.
* I've never actually gone hunting, and don't plan to. I've never ridden a horse for one thing!
"That's what I was thinking... like, aren't MORE people seeing those resumes now? Isn't that a GOOD thing?"
Plus the amount of information isn't any greater than putting your CV on your website.
"Then again, hindsight is 20/20. Maybe the best thing that occurs from all this is we, on the sidelines, learn from their mistakes."
Don't aggregate data in one spot. Put your CV on your website and have recruiters seek you out via Google.
Received:Hi uberwiz9 .stm
...
Received:Thank you for contacting Monster, my name is Yashwant, how may I help you?
Sent:i read there was a security breach at monster
Sent:any way to find out who (if i) was in the list compromised?
Sent:and what info was stolen?
Received:uberwiz, I can help you with this
Received:May I have your full name and email address please?
Sent:[EDITED OUT]
Received:Thank you so much
Received:uberwiz, No info has been stolen from http://monster.com/ database..
Received:Few entities are using http://monster.com/ domain and spoiling the name..
Received:It is in your best interest to disregard the news
Received:you are inquiring about an spoof that is using Monster domain information.
Received:Please do not worry and have faith in http://monster.com/
Received:http://Monster.com has a dedicated fraud and compliance team which will take care of the issue..
Received:http://Monster.com is a secured site..
Sent:So this article:
Sent:http://news.bbc.co.uk/1/hi/technology/695634
Sent:is false?
Received:Yes, uberwiz
Received:It is a false news!!
Of course I don't believe for a second that this monster.com support person had a clue but apparently they are denying it.
I thought this was just another one of those pecker enlargement scams.
Have gnu, will travel.
Technically, we don't know that this isn't the case. Look at the article again:
Correct me if I'm mistaken, but the article doesn't say anything about how many resumes were stolen or how the breach was discovered. The server had 1.6 million resumes available, but for all we know the program downloaded 200 of them before hitting a maximum download quota. I'm not saying that that's necessarily what happened; I'm just saying that we don't really know what happened without more information.
There's nothing you have that they can't take away: Absolute zero, Gentle Jack, bottom line.
What are people worried about?
They stole resumes!
I highly doubt there is any real, non-falsified personal information in any of those! Not if any of the resumes I've ever seen have been any indication.
I am government man, come from the government. The government has sent me. -- G.I.R.
Mr. Monster,
Watch my lips!
V-A-U-L-T-E-D,
O-U-T-B-O-A-R-D,
O-F-F-L-I-N-E,
H-A-R-D D-R-I-V-E(-S).
Expect an invoice @ only $1 per resume
for that bit of high-tech security advice/consultation/sys-analysis,
sent via secure snailmail or courier -
because you need it badly?
Your custom is appreciated!
RR
No, it is the other way round. I'm suggesting we use the right name to describe things, so more like "call it what it actually is" than "it is what you call it".
The people you describe as Native-Americans aren't from India, they are American, so we shouldn't call them Indians. That is a name imposed on them by the European colonists. They had perfectly good names for themselves before we invaded, we just ignored them.
From Wikipedia: http://en.wikipedia.org/wiki/Indigenous_peoples_of_the_Americas
ps
Most definitely not - Apologies if my comments are naive, I freely admit that I'm not an expert. However, I am a native of England.
Europeans? Don't go lumping Her Majesty's subjects in with them, you bounder!
It's true I tell you, feller at work's next door neighbour read it in the paper.