Monster.com Data Theft Reported

News arrived earlier today of an apparent breach of both the Monster and USAJobs sites by unknown assailants. The company, not known for its high level of information security competency, is NOT planning on notifying customers, job seekers, and others via email. Short snippets from both SANS ISC and PCWorld appear after the jump.
From PCWorld.com: “Monster.com Reports Theft of User Data”
“Monster.com is advising its users to change their passwords after data including e-mail addresses, names and phone numbers were stolen from its database. The break-in comes just as the swelling ranks of the unemployed are turning to sites like Monster.com to look for work. The company disclosed on its Web site that it recently learned its database had been illegally accessed. Monster.com user IDs and passwords were stolen, along with names, e-mail addresses, birth dates, gender, ethnicity, and in some cases, users’ states of residence. The information does not include Social Security numbers, which Monster.com said it doesn’t collect, or resumes. Monster.com posted the warning about the breach on Friday morning and does not plan to send e-mails to users about the issue, said Nikki Richardson, a Monster.com spokeswoman. The SANS Internet Storm Center also posted a note about the break-in on Friday. USAJobs.com, the U.S. government Web site for federal jobs, is hosted by Monster.com and was also subject to the data theft. USAJobs.com also posted a warning about the breach…”
—
From SANS ISC: “Monster.com and USAJobs.gov’s databases compromised”
“We got a tip from a reader (thanks David!), that apparently Monster.com’s database and USAJobs.gov’s database were compromised and information was stolen. To clarify, USAJobs.gov’s database is run by Monster, as outlined in their post here. (Monster’s press release is here.) Quoting from USAJobs.gov’s website: ‘We recently learned that the Monster database was illegally accessed and certain contact and account data were taken, including user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. The information accessed does not include resumes. The accessed information does not include sensitive data such as social security numbers or personal financial data…’”





