Blog Entries

Symantec Corp. has reported that 1.6 million records from the popular job posting site Monster.com have been stolen.  The stolen information includes names, e-mail addresses, home address, phone numbers and resume identification numbers of people who posted their resumes to the site.   Hackers were able to gain access to the personal information by compromising the user names and passwords of individuals who have privileged access to Monster.com.  Monster gives some recruiters and human resources personnel access to this very sensitive information to make their jobs easier, but incidents like this one can happen if even one person loses their login information.

Attackers used the information they gained to send phishing emails to the victims which fraudulently claim to be from Monster.com.  Any users who clicked the link in the email had malware automatically downloaded to their computer which attempted to steal bank account details, credit card numbers, and other highly personal information.

In the future, Monster should rethink their access control policies to prevent incidents like this one from occurring.  They should provide better training to users with access to sensitive information and have strict guidelines concerning the handling of login information.  An ongoing monitoring system that watched for suspicious activity, like downloading the information for more than a certain number of people at a time, could have greatly reduced the number of people affected by this break in.