PDA

View Full Version : Monster.com job site target of malicious activity



Luke A Slowik
09-04-2007, 12:20 PM
***WARNING TO ANY MONSTER.COM JOB SEEKER***

The Monster.com resume database was recently hacked into. Personal information, such as name, address, phone#, email, etc., was gathered by a criminal entity. Below is the letter that I received from Monster giving the details of the criminal activity. If you have an active resume on Monster.com be sure to keep a look out for illegal activity on your credit cards, bank accounts, etc.


Dear Valued Monster Customer,

Protecting the job seekers who use our website is a top priority, and we value the trust you place in Monster. Regrettably, opportunistic criminals are increasingly using the Internet for illegitimate purposes. As is the case with many companies that maintain large databases of information, Monster is from time to time subject to attempts to illegally extract information from its database.

As you may be aware, the Monster resume database was recently the target of malicious activity that involved the illegal downloading of information such as names, addresses, phone numbers, and email addresses for some of our job seekers with resumes posted on Monster sites. Monster responded to this specific incident by conducting a comprehensive review of internal processes and procedures, notified those job seekers that their contact records had been downloaded illegally, and shut down a rogue server that was hosting these records.

The Company has determined that this incident is not the first time Monster's database has been the target of criminal activity. Due to the significant amount of uncertainty in determining which individual job seekers may have been impacted, Monster felt that it was in your best interest to take the precautionary steps of reaching out to you and all Monster job seekers regarding this issue. Monster believes illegally downloaded contact information may be used to lure job seekers into opening a "phishing" email that attempts to acquire financial information or lure job seekers into fraudulent financial transactions. This has been the case in similar attacks on other websites.



Be suspicious of any email with requests for personal financial information.


Phishers typically include upsetting or exciting (but false) statements in their emails to get people to react immediately.
They typically ask for information such as usernames, passwords, credit card numbers, social security numbers, date of birth, etc
Don't use the links in an email, instant message, or chat to get to any web page if you suspect the message might not be authentic.
Instead, call the company on the telephone, or log onto the website directly by typing in the Web address in your browser.
You should only communicate information such as credit card numbers or account information via a secure website or the telephone.
Always ensure that you're using a secure website when submitting credit card or other sensitive information via your Web browser.



Additional consumer advice is available at http://www.antiphishing.org/consumer_recs.html.