Monster.com Attacked, User Data Stolen
Placid writes "The BBC has an article detailing a successful attack on the US recruitment site, Monster.com. According to the article, 'A computer program was used to access the employers' section of the website using stolen log-in credentials' and the stolen details were 'uploaded to a remote web server'. Apparently, this remote server 'held over 1.6 million entries with personal information belonging to several hundred thousands of candidates, mainly based in the US, who had posted their resumes to the Monster.com website'. The article also links the break-in to a phishing e-mail sent out recently where personal details were used to entice users to download a 'Monster Job Seeker Tool.'"
Symantec's explanation
The trojan (called Infostealer.Monstres) seems to be using HR login details (possibly stolen) to access the hiring.monster.com and recruiter.monster.com sub-domains and download candidate information. It also seems to be similar to a previously known trojan called Trojan.Gpcoder.E.
Symantec estimates that 1.6 million people (mostly from the USA) have been impacted.
They have informed Monster about it.
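The attack described above is credentialed scraping: a program logs in with a valid recruiter account and walks candidate records far faster than a human HR user would. Below is an added detection example (not code from the original story, Symantec, or Monster) that runs over constructed access-log lines in an assumed format of `<timestamp> <account> <client_ip> <method> <path> <status>`; the account names, IPs, path layout, and thresholds are all assumptions for illustration. It flags accounts that view an unusual number of distinct candidate records inside a short window, and separately flags accounts used from an IP outside their known baseline, which is the other signature of stolen credentials being replayed from an attacker's machine.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed log format (not Monster's real format):
#   2007-08-17T09:00:00 acme_hr 203.0.113.10 GET /recruiter/candidate/1000 200
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<account>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) "
    r"(?P<path>\S+) (?P<status>\d{3})$"
)
# Assumed path shape for a single candidate record view.
CANDIDATE_RE = re.compile(r"^/recruiter/candidate/(?P<cid>\d+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["status"] = int(rec["status"])
    c = CANDIDATE_RE.match(rec["path"])
    rec["candidate"] = c.group("cid") if c else None
    return rec


def flag_bulk_downloads(lines, window_seconds=60, threshold=20):
    """Return {account: (first_alert_time, distinct_count)} for every account
    that successfully viewed >= threshold distinct candidate records within
    any sliding window of window_seconds. Lines are assumed time-ordered."""
    recent = defaultdict(deque)  # account -> deque of (timestamp, candidate id)
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["candidate"] is None or rec["status"] != 200:
            continue  # skip garbage, non-record pages, and failed requests
        q = recent[rec["account"]]
        q.append((rec["ts"], rec["candidate"]))
        # Drop entries that have fallen out of the window.
        while (rec["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        distinct = len({cid for _, cid in q})
        if distinct >= threshold and rec["account"] not in alerts:
            alerts[rec["account"]] = (rec["ts"], distinct)
    return alerts


def flag_new_source_ips(lines, baseline):
    """Return {account: {ip, ...}} for accounts seen from an IP that is not in
    baseline[account] (the set of IPs the account has legitimately used)."""
    unknown = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["ip"] not in baseline.get(rec["account"], set()):
            unknown[rec["account"]].add(rec["ip"])
    return dict(unknown)


# Constructed sample data: acme_hr browses five records in an hour (normal);
# globex_hr pulls thirty distinct records in thirty seconds from an IP it has
# never used before (the scraping pattern).
def _mk(ts, account, ip, cid):
    return f"{ts} {account} {ip} GET /recruiter/candidate/{cid} 200"


LEGIT = [_mk(f"2007-08-17T09:{m:02d}:00", "acme_hr", "203.0.113.10", 1000 + m)
         for m in range(0, 50, 10)]
SCRAPE = [_mk(f"2007-08-17T10:00:{s:02d}", "globex_hr", "198.51.100.7", 2000 + s)
          for s in range(30)]
SAMPLE_LOG = LEGIT + SCRAPE + ["not a log line"]

# Assumed per-account baseline of known client IPs.
BASELINE_IPS = {"acme_hr": {"203.0.113.10"}, "globex_hr": {"192.0.2.44"}}

if __name__ == "__main__":
    for account, (when, count) in flag_bulk_downloads(SAMPLE_LOG).items():
        print(f"BULK: {account} viewed {count} distinct candidates by {when}")
    for account, ips in flag_new_source_ips(SAMPLE_LOG, BASELINE_IPS).items():
        print(f"NEW IP: {account} used from {sorted(ips)}")
```

The two checks are deliberately independent: a recruiter whose credentials were phished may well be scraped from their own office IP if the malware runs on their workstation (the Infostealer pattern), in which case only the rate check fires; conversely a slow, patient scraper from a new IP would be caught only by the baseline check. Thresholds should be tuned against real traffic for the account type before alerting on them.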
Monster and Dice are just meat markets. Relatively few people actually get jobs there, at least in IT. The real way you get a job is to know someone and have a good network of people. That's how I got my job, Monster and Dice never helped me. They're more like "cattle calls" for movie parts. Who knows, maybe Monster and Dice sell the email address lists to spammers...for the right price?
Speaking of spammers, this is for you spambot email harvesters.
We'll stop calling websites for the USA "US Websites" when you stop butchering our language. The word you were looking for is "anti-American"
Also, if you check your history, Europe created the public WWW (with the CERN site in France/Switzerland) and it was a Brit, Tim Berners-Lee, who first developed HTML and worked on the original HTTP specification (Wikipedia references).
The DPA says remove details as soon as they are not needed; the Conduct of Employment Agencies and Recruitment Businesses Regs 2003 + Employment Agencies Act 1973 require us to keep details for 1 year after last contact. We have to be able to show them if audited.
Therefore DPA requires us to delete at that 1 year period and not before
By the way, all our CVs are on a system with no remote access, hidden behind a firewall, running on a CentOS-based server.