01.25.09

Data Breach at Monster being plugged

Posted in Uncategorized at 6:11 pm by Jobblogger

News is spreading that  monster succumbed to it’s second database breach in the last 18 months

“We take this very seriously,” Nikki Richardson, spokesperson for Monster said. “We’re devoted to continuing to put significant resources toward the protection of our database, and no company in our business can completely prevent unauthorized access to data. We believe Monster security measures are as or more robust than other sites in the industry.”

Richardson declined to say when or how the breach occurred, but say that the persons responsible did not access resumes, social security numbers, or financial data.

In 2007 a Trojan Horse program accessed resume data belonging to over 1 million Monster customers. At the time, Monster explained plans to beef up security, but it appears the site is still vulnerable to attacks.

Based on the information provided, it would seem most accounts were unaffected on the seeker side – it was just the employers who might login to post jobs who should change their login information.

However, this story continues to develop, according to Read/Write Web  -  Monster.com Loses User Data Again


monster_jan_09.jpgUPDATE: Nikki Richardson, VP Corporate Communications at Monster Worldwide has replied to our e-mail saying that the company is in the process of contacting users but can not disclose specific details of the breach right now.

Update: Monster Worldwide replies to our questions

RWW: How many user accounts have been compromised?

MW: To be prudent, we are notifying all of our job seekers and customers.

RWW: Will Monster be contacting users?

MW: Monster elected not to send e-mail notifications to avoid the risk that those e-mails would be used as a template for phishing e-mails targeting our job seekers and customers. Monster believes that the combination of on-site notification and password changes is the most effective way to address the situation.

RWW: Is it an internal or external breach?

MW: While Monster is sharing the information necessary to assist and protect our job seekers and customers, we cannot disclose specific details of the situation because we need to protect the integrity of our security systems and our ongoing inquiry into the situation.

RWW: Why are passwords not encrypted, or if they are, how are they compromised?

MW: We don’t comment on specific security measures.

Reblog this post [with Zemanta]

Leave a Comment