Slashdot Mirror

← Back to Stories (view on slashdot.org)

Monster.com Malware Tags Another Site

Posted by CowboyNeal on from the trust-no-one dept.

bl8n8r writes "The first wave of problems for Monster.com came in the form of malware as recruiters cluelessly pointed trojaned Windows systems into Monster's database. The incident reportedly gleaned more than 1.6 million records from the job search site's database. The second incident followed two days later in the form of an infected Monster.com server pharming out malware by way of advertisements hosted on its websites. The latest incident now shows jobseekers using USAJobs are also at risk from the pharmed Monster trojan. The worst part is Monster.com seems to shrug it off with: 'As is the case with many companies that maintain large databases of information, Monster is from time to time subject to illegal attempts to extract information from its database. Despite ongoing analysis, the scope of this illegal activity is impossible to pinpoint.'"

3 of 50 comments (clear)

  1. Text of the email Monster sent out by Anonymous Coward · · Score: 1, Interesting

    Below is an email Monster sent out to account holders. I was expecting a sincere apology with perhaps an offer for free credit monitoring. Instead, when they have a security issue, they invite their users to be more savvy about the internet.

    Note their directions on "HOW TO BE A SAFE INTERNET USER". If perhaps they had taken their own advice, maybe we wouldn't be in this situation?

    --

    Dear Valued Monster Customer,

    Protecting the job seekers who use our website is a top priority, and we value the trust you place in Monster. Regrettably, opportunistic criminals are increasingly using the Internet for illegitimate purposes. As is the case with many companies that maintain large databases of information, Monster is from time to time subject to attempts to illegally extract information from its database.

    As you may be aware, the Monster resume database was recently the target of malicious activity that involved the illegal downloading of information such as names, addresses, phone numbers, and email addresses for some of our job seekers with resumes posted on Monster sites. Monster responded to this specific incident by conducting a comprehensive review of internal processes and procedures, notified those job seekers that their contact records had been downloaded illegally, and shut down a rogue server that was hosting these records.

    The Company has determined that this incident is not the first time Monster's database has been the target of criminal activity. Due to the significant amount of uncertainty in determining which individual job seekers may have been impacted, Monster felt that it was in your best interest to take the precautionary steps of reaching out to you and all Monster job seekers regarding this issue. Monster believes illegally downloaded contact information may be used to lure job seekers into opening a "phishing" email that attempts to acquire financial information or lure job seekers into fraudulent financial transactions. This has been the case in similar attacks on other websites.

    We want to inform you about preventive measures you can take to protect yourself from online fraud. While no company can completely prevent unauthorized access to data, we believe that by reaching out to job seekers like you, the Company can help users better defend themselves against those who have attacked Monster as well as other databases.

    We are committed to maintaining an ongoing dialogue with all of our job seekers about Internet security and the steps Monster is taking to protect its job seekers. The Company has placed a security alert on Monster sites offering information to educate you about online fraud. This information can be found at http://help.monster.com/besafe/. We have also included information on Internet safety and examples of fraudulent "phishing" emails at the bottom of this letter.

    Monster has launched a series of initiatives to enhance and to protect the information you have entrusted to us. Some of these steps are being immediately implemented, while others will be put into place as appropriate.

    We believe these actions are the responsible steps to protect the trust you place in Monster. We are also working with Monster's hundreds of thousands of employer customers to ensure a safe and effective online job search. We will continue to share information with you about the enhancements we are making as we serve as your online career resource partner. We invite you to keep reading to learn more about how to use the Internet safely.

    Sincerely,

    Signature
    Sal Iannuzzi

    Chairman and CEO

    Monster Worldwide

    HOW TO BE A SAFE INTERNET USER

    Every Internet site in the world is facing the growing issue of fraudulent usage of information, and we want to work with users around the world to stop this practice - please keep reading to

  2. pass the buck by spyrochaete · · Score: 2, Interesting

    Monster really did shrug off this attack. They haven't responded to my email about whether my data was comprimised. All I got was an email saying that their databases had been breeched, followed by instructions on how *I* should surf the web safely. One of their recommendations was to contact companies by telephone instead of the web.

  3. Re:pee in the pool by Anonymous Coward · · Score: 1, Interesting

    Isn't part of the anti-RIAA argument that downloading music helps advertise and increases sales? You'd think with something like a resume, in which the sole purpose is to be seen by people in the hopes that they'll give you money, there would be little reason to be upset about its dissemination.