One Monster of a breach
The theft of personal information among Monster.com customers may be a textbook case in the making. This wasn’t a sophisticated database hack but (probably) the use of social engineering to get legitimate passwords, followed by duplicitous phishing schemes to trap those users. Most intriguing to me is not necessarily the extent of the problem or the methods involved but the choice of target in the attack.
We would normally consider bank customers, insurance customers or those with information in government databases as the biggest data repositories to worry about. As for job seekers, who cares? But on the other hand, what better way to find all kinds of details that would be used, conceivably, to make your pharming site look like a more trustworthy source? Some of the resumes in Monster’s database probably include not only the user’s personal details, but also those of their references. It’s like having someone walk off with an attache case full of your biographical details. Scary.
Maybe it’s time for all of us to do a personal inventory of where we’ve posted our data, and whether that might one day become a target too.


August 27th, 2007 at 9:28 pm
I have read that Monster had more than 73 million CVs in its database. If I had a Monster account and used the same user name and password for other logins - I would definitely be thinking it’s time to change those.
Symantec’s advice is good to share with friends and family: always limit contact information posted to job websites - use a disposable e-mail address.