US job website Monster.com hacked

[SoBadSnake]

Monster attack steals user data

Monster is a leading online jobs service

US job website Monster.com has suffered an online attack with the
personal data of hundreds of thousands of users stolen, says a security
firm.
A computer program was used to access the employers' section of the website using stolen log-in credentials.
Symantec said the log-ins were used to harvest user
names, e-mail addresses, home addresses and phone numbers, which were
uploaded to a remote web server.

The stolen data could be used to send phishing and spam e-mails.

"This remote server held over 1.6 million entries with
personal information belonging to several hundred thousands of
candidates, mainly based in the US, who had posted their resumes to the
Monster.com website," reported Symantec.
Security breach
The firm has contacted Monster.com to inform them of the security breach.
Symantec said it had seen reports of phishing e-mails
sent out to Monster.com users which were "very realistic" and contained
"personal information of the victims".
The e-mail encouraged users to download a Monster Job
Seeker Tool, which was in fact a program that encrypted files in their
computer and left a ransom note demanding money for their decryption.
"To the best of our knowledge, this is not a hack of
Monster's security, rather, legitimate customer credentials are being
used to log in to the database," said Patrick Manzo, vice president of
compliance and fraud prevention at Monster.
He added: "There have been reports of this as an issue of identify theft.
"We are not aware of any cases of identity theft. In
fact, the information that is gathered from Monster is no different
than that displayed in a phone book."
The program used to access Monster.com user data was a
Trojan, which are commonly used to gain access to bank details,
usernames and passwords.
More than 8,000 new variants of Trojans are found each month, according to internet security specialists Sophos.
Last year, a British nurse was blackmailed by hackers who had used a Trojan to access her personal e-mails.
They threatened to reveal personal details unless she paid them.
Symantec said users should always limit contact information posted to job websites and to use a disposable e-mail address.

"Never disclose sensitive details such as your social
security number, passport or driver's license numbers, bank account
information to prospective employers until you have established they
are legitimate," said the firm.







Aahahahahhaha too funny =]

[Clemus12]

OMG!! whay would anyone think of doin this

[MGSfan32]

I was about to say that!

[Clemus12]

I was about to say that!

well looks like i beat you to it...

[havoc802]

wow this is crazy

but nothing will beat the time when RIAA got hacked

[EliteZero257]

i'd hate to b apart of that job...but it could happen to any site...it was a 1 in a 156,000 fluke....

[Sponsored content]