Slashdot Mirror


Monster.com Data Stolen, Won't Email Users

chiguy writes "There's been another break-in at Monster.com. It's surprising that there are still unencrypted passwords stored in the database despite the previous hack, as is the decision to not email users — presumably so that no one will make a fuss. From PC World: 'Monster.com user IDs and passwords were stolen, along with names, e-mail addresses, birth dates, gender, ethnicity, and in some cases, users' states of residence. The information does not include Social Security numbers, which Monster.com said it doesn't collect, or resumes. Monster.com posted the warning about the breach on Friday morning and does not plan to send e-mails to users about the issue, said Nikki Richardson, a Monster.com spokeswoman. The SANS Internet Storm Center also posted a note about the break-in on Friday.'"

  1. Accountability by Zironic · Score: 4, Insightful

    When will companies face accountability for the damages they cause due to lax data security?

    1. Re:Accountability by homer_s · Score: 2, Insightful

      What do you consider to be "private data"? I was on a call with a customer last week who wanted a simple refer-a-friend type app - they consider first-name and last-name to be private info and want to know about encryption, firewall policies, etc.

      As a client, they certainly have the right to ask us to do all kinds of encryption (as long as they pay for it). But it is absurd what people consider to be "private data" now.
      All this will do is make other data like SSNs - treat some publicly known data as an authentication and authorization token and cause all kinds of problems for people.

    2. Re:Accountability by I'm not really here · Score: 2, Insightful

      It's rather difficult to code with 100% correct code when the developer is expected to be the project manager, the software architect, the QA team, and the production migration team all on his or her own, and to get it done in 1/2 the time that he or she knows is the minimum amount of time needed to get the job done right.

      Add to that hundreds of different pieces of the core code being designed by different teams with little to no overlap in communications, testing, etc., and you get a nightmare - it's impossible to craft perfect code in this manner.

      Some companies are better at it than others, and break out the responsibilities, but without the entire team effectively being a borg collective, there are going to be lines of code in one developer's project that will break another line of code in a separate project. It's not a question of if, but of when, and how much are you willing to spend to get it fixed.

      At some point, the cost of perfection is so high that the customer would never be willing to pay the price needed for the company to still make profit.

      --
      Before commenting on the Bible, please read it first
    3. Re:Accountability by jmauro · Score: 2, Insightful

      The issue is while the other products have defined and well used laws for product liability, software does not. In fact the industry rejects any attempt to institute any sort of liability procedures for them. As such, there would be a legal recourse for the owner of a house if the flaws in construction caused them to lose money or have loss of life, if software caused the issue there would be no legal recourse. Flaws in houses and cars tend to be minor things (paint chips, trim, etc), since the threat of real liability causes the major ones (like safety) to disappear. In software the "minor" things are usually buried by the vast number of major things that the software manufacturers don't fix since it's not in their best interest to do so, since really who will sue.

      It was a situation set up when the software industry was an immature field in order not to crush it before it began, but has never been redone once it became mature and it also became clear that there should be and must be due diligence on people writing software.

    4. Re:Accountability by hot soldering iron · Score: 3, Insightful

      Several points of your statement have been debated numerous times here on /.
      1) Software is expected to be perfect because the revision *only* requires a rewrite. No materials or tooling need to be changed to create a better program. (end sarcasm)
      2) Pointing to different consumer products as examples of acceptably flawed products isn't really accurate. Medical and Aviation are just 2 areas where flaws aren't acceptable. BUT... the rate of innovation is so low that it resembles a flat line because they have to test and bug-stomp all the way, at tremendous cost.
      3) Each area of industry has evolved its own set of best practices, rules of thumb, acceptable quality control levels, etc... because they have a limited set of requirements to deal with. They have certain materials, tooling, methods, laws, profit margins, and expectations of customers to deal with. Software is limited in scope only by the human imagination, and thus presents an unlimited set of requirements and resources. The problem has few set limits, and thus is much harder.
      4) The design of a product is usually the cheapest part of the creation. They will redesign many times to save a little money on the tooling, materials, labor, packaging, etc... whereas design is the complete manufacturing stage for software. There aren't many opportunities to save money during the manufacture of the product.

      --
      When you want something built, come see me. If you want correct grammar and spelling, get a F*ing liberal arts student.
    5. Re:Accountability by jlarocco · Score: 2, Insightful

      I disagree. For things that can cause loss of life, be a safety hazard (usually embedded stuff), or cause significant financial loss, software is held to the same standards as "regular" stuff. I'd say software even does a better job in that case, because, for example, most of the times when planes crash due to a defect, it ends up being a hardware defect.

      Fact of the matter is, for typical desktop software it's just not worth the trouble of removing every single bug. If you think Vista and OS X are expensive now, it's a small fraction of what they'd cost if they had to be completely bug free. It's significantly cheaper to just save frequently than it is to make the software 100% reliable, especially since it's a good idea to save frequently anyway in case of a hardware problem like a power outage.

  2. Re:um by htnmmo · Score: 5, Insightful

    You don't think they make their money from posting jobs do you?

  3. Re:Why keep the data by CarpetShark · Score: 2, Insightful

    I wonder why monster.com holds on to their data (especially e-mail addresses) for so long.

    Really? To e-commerce types, valid email addresses are like gold dust. Without them, you'll have a tough time launching your next site and getting its popularity built before your competitors do. With them, you can launch that site, spam all your existing customers with a thinly veiled "special offer" (note the "special" part which bypasses all "do not contact me" checkboxes), and you're in business.

  4. Re:um by Gojira Shipi-Taro · Score: 4, Insightful

    Congratulations. You gave them grounds to not employ you based on the fact that you falsified information on a resume.

    I don't disagree with your primary point entirely, but for goodness sake if you think that the result is sufficient evidence to prove discrimination, by all means file a lawsuit.

    Telling Slashdot isn't going to help.

    --
    "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump