
With economy in tailspin, Monster discloses major breach

Attackers breached Monster's database to siphon account and contact information belonging to users, the job site has revealed.

The thieves were able to access the database to steal data such as names, phone numbers, IDs and passwords, email addresses and basic demographic information. As a result, the company -- which did not reveal how many victims there were -- said it soon may require users to change their passwords.

Federal government career site USAJOBS, for which Monster is a technology provider, also warned users about the breach.

In addition, given the nature of the data stolen, victims should be on the lookout for phishing attacks that may result, SANS Internet Storm Center handler Joel Esler warned on the organization's blog.

"In order to help assure the security of your information, you may soon be required to change your password upon logging onto the site," Monster's Chief Privacy Officer Patrick Manzo said in a Friday letter to users. "We would also recommend you proactively change your password yourself as an added precaution. We regret any inconvenience this may cause you, but feel it is important you take these preventative measures."

Manzo reminded users that Monster never will send an unsolicited email requesting users to update their account credentials.

Corey Thomas, vice president of product management at Rapid7, a provider of security advisory services, said on Monday that hackers were able to crack Monster's database by obtaining privileged credentials -- either through social engineering or a compromise of the site.

"Lots of companies make broad assumptions about what users can and can't do," he said. "They don't look at how secure you are once you get into the perimeter."

This is not the first time attackers have besieged Monster to steal data. In 2007, they used stolen login credentials to gain access to the site and then spread a trojan to capture the names, email addresses and telephone numbers of job seekers. A similar attack occurred three months later.

The recent hijacking comes at a particularly inopportune time for Monster, when many job hunters are turning to the site to help them find work amid a flailing economy.

Anti-spam firm AppRiver warned in its 2009 threat forecast report that cybercriminals likely will place increased focus on sites such as Monster, LinkedIn and CareerBuilder because "with increased traffic comes an increase in the amount of personal information shared."

But Thomas said that no matter the state of the economy, sites such as Monster will be targeted.

"Any site that has massive amounts of confidential information is going to get used [in attacks]," he said.
