Slashdot Mirror

← Back to Stories (view on slashdot.org)

Monster.com Data Stolen, Won't Email Users

Posted by Soulskill on from the security-specialist-wanted,-apply-within dept.

chiguy writes "There's been another break-in at Monster.com. It's surprising that there are still unencrypted passwords stored in database despite the previous hack, as is the decision to not email users — presumably so that no one will make a fuss. From PC World: 'Monster.com user IDs and passwords were stolen, along with names, e-mail addresses, birth dates, gender, ethnicity, and in some cases, users' states of residence. The information does not include Social Security numbers, which Monster.com said it doesn't collect, or resumes. Monster.com posted the warning about the breach on Friday morning and does not plan to send e-mails to users about the issue, said Nikki Richardson, a Monster.com spokeswoman. The SANS Internet Storm Center also posted a note about the break-in on Friday.'"

4 of 200 comments (clear)

  1. No wonder by PutonBackBurner · · Score: 4, Interesting

    I went in to change my password to something over 25 characters, with letters (upper and lower), numbers and specials characters. It kept notifying me that the pass was not strong enough. I reviewed and followed the instructions, then extending it to over 50 characters. I received the same warning message even when clicking on the submit button - wtf?

    After several attempts, I tried logging out and logging in with the new pass. Guess what, it did change!

    Bad interface, bad notifications, bad programming , bad (or no) testing. No wonder they got had.

    I mean really, if you can't design and code a simple change password feature....

  2. Cancel Your Accounts by db32 · · Score: 5, Interesting

    If you have a Monster account cancel it and leave a note in the "why are you canceling?" box. Don't make it some rant, but make sure you explain that you will not tolerate their incompetence, their unwillingness to take security of their users personal information seriously, and their total lack of integrity by trying to hide the breech from their users. Then explain that you will try to get everyone you know to cancel their account for their own security. Finding jobs is all about networking...so is taking down misbehaving companies.

    --
    The only change I can believe in is what I find in my couch cushions.
  3. Re:Accountability by thethibs · · Score: 4, Interesting

    Actually, it was IBM and CS academics that did that. OS360 was released with a long error list and assurance that this was normal for a product of that size. It was this era that produced factors like one error per so many LOC, where "so many" ranged from ten to a thousand depending on the source.

    This was long before Microsoft existed and it didn't need much pushing. It was so self-serving that the software industry never argued against it. It also came just in time to meet a huge increase in demand for programmers that could only be met by lowering the bar for entry--so for most of the new crop of programmers, the predictions were accurate.

    The sad idea of calling programmers "software engineers" in the hope that a new name would make them more diligent has clearly not worked. Since most are paid by the hour without reference to quality or results, it's unlikely that anything will ever work in this environment.

    What's needed is a change in the business model that links payment to a finished, correct product. ISVs working on fixed-price contracts and firmware developers have very low error rates.

    --
    I'm a Programmer. That's one level above Software Engineer and one level below Engineer.
  4. Re:um by Ihmhi · · Score: 4, Interesting

    Then why don't they file it after the fact that they've hired the qualified persons? They don't need to know that data beforehand.

    --
    Random Thoughts From A Diseased Mind (Not For Dummies)