Tuesday, August 21, 2007

Monster Identity Theft Impacts 1.6 Million

Monster.com, a leading U.S. based resume search service, was the
recent victim of a computer hack which impacts as many as
1,600,000 people according to the security firm Symantec.

According to the story reported by the Out-Law blog, hackers
used a Trojan Horse to access Monster.com by impersonating
an employer:

"The Trojan appears to be using the (probably stolen)
credentials of a number of recruiters to login to the
website and perform searches for resumes of candidates
located in certain countries or working in certain
fields," said Symantec...

The story further sheds light into what sensitive personal
information was compromised to what will likely be future
identity theft potential:

"The personal details of those candidates, such as
name, surname, email address, country, home address,
work/mobile/home phone numbers and resume ID, are
then uploaded to a remote server under the control of
the attackers," it said. "This remote server held over
1.6 million entries with personal information belonging
to several hundred thousands candidates, mainly based
in the US, who had posted their resumes to the
Monster.com web site."

Following the typical pattern of companies which have
allowed consumer data to be exposed to identity theft,
the usual process of issuing press releases claiming
no harm has been done has begun:

"We are not aware of any cases of identity theft. In fact,
the information that is gathered from Monster is no
different than that displayed in a phone book," said
Patrick Manzo, vice president of fraud prevention
and compliance at Monster.

Perhap, but are you willing to bet some enterprising
identity theft hackers would not have gone through all
of the effort to steal sensitive consumer data if it were
already widely available from any phone book?

So, our tip for today is for any consumers who have
or currently utilize the services of Monster.com.

Contact the firm immediately to verify your personal
information has not been compromised. Plus, even
if Monster.com does not admit to your data having
been illegally accessed by the identity thieves, it is
highly prudent for you to immediately institute credit
monitoring as well to conduct a background search
your good name.

The cost of inaction, in this case, can ultimately end
up costing you far more.

Final end note, make sure to tell your friends of this
large scale computer hack which has the potential for
the largest identity theft case this summer.


At 9:30 AM, Anonymous Joelle said...

I am interested in hearing the responses to the Monster identity theft issue. Our company certifies resumes for job seekers so that they don't have to give out their SSN and DOB to every potential employer during the interview stage. Job candidates would just provide secure access to potential employers to view their certified profile.

The idea is to reduce the online exposure to your data. You can limit what data is displayed. For example: You can display your initials and job titles. Our certification comments would be the main items displayed because that is what potential employers are seeking: data confirmation.

But, does everyone think that this is still too much exposure? We would love to hear your comments: info@verify-ed.com

At 1:31 PM, Anonymous Anonymous said...

I'll tell you this much, I got a email from the CEO of Monster.com the other day which represented a very interesting response to this crisis involving their members.

While the man did admit they had suffered a large scale data breach, he didn't really provide any concise and easily understood language as to what the company intends to do to either compensate members impacted by this or to assist with further identity theft problems arising from their breach.

From reading through the text of the CEO's response, I got the sense that his email really had been written by a PR spin master with the assistance of a lawyer.

Why not just come out and say "we're sorry and we will pay for credit monitoring"?

Don't these big companies have an obligation to do so?

Afterall, it was Monster.com who lost the data, not me?

At 2:29 AM, Anonymous Steve Cabouli said...

I think the recruiters who had used the service of monter.com somewhere in the past has not kept their identity with the monster safe. This is another incident of stupid act by the identity theft criminals. As the report suggests the people who were affected by this incident of identity theft is huge.

I would say that it is better to keep our personal information safe while contacting a recruitment company for submitting the resume.

At 12:27 AM, Anonymous Resume Search said...

A very well briefly written post, with lots of useful information.


Post a Comment

Links to this post:

Create a Link

<< Home