💾 Archived View for gmi.noulin.net › mobileNews › 256.gmi captured on 2023-01-29 at 21:18:17. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

Monster attack steals user data

2007-08-22 03:41:54

US job website Monster.com has suffered an online attack with the personal data

of hundreds of thousands of users stolen, says a security firm.

A computer program was used to access the employers' section of the website

using stolen log-in credentials.

Symantec said the log-ins were used to harvest user names, e-mail addresses,

home addresses and phone numbers, which were uploaded to a remote web server.

The stolen data could be used to send phishing and spam e-mails.

"This remote server held over 1.6 million entries with personal information

belonging to several hundred thousands of candidates, mainly based in the US,

who had posted their resumes to the Monster.com website," reported Symantec.

Security breach

The firm has contacted Monster.com to inform them of the security breach.

Symantec said it had seen reports of phishing e-mails sent out to Monster.com

users which were "very realistic" and contained "personal information of the

victims".

The e-mail encouraged users to download a Monster Job Seeker Tool, which was in

fact a program that encrypted files in their computer and left a ransom note

demanding money for their decryption.

"To the best of our knowledge, this is not a hack of Monster's security,

rather, legitimate customer credentials are being used to log in to the

database," said Patrick Manzo, vice president of compliance and fraud

prevention at Monster.

He added: "There have been reports of this as an issue of identify theft.

"We are not aware of any cases of identity theft. In fact, the information that

is gathered from Monster is no different than that displayed in a phone book."

The program used to access Monster.com user data was a Trojan, which are

commonly used to gain access to bank details, usernames and passwords.

More than 8,000 new variants of Trojans are found each month, according to

internet security specialists Sophos.

Last year, a British nurse was blackmailed by hackers who had used a Trojan to

access her personal e-mails.

They threatened to reveal personal details unless she paid them.

Symantec said users should always limit contact information posted to job

websites and to use a disposable e-mail address.

"Never disclose sensitive details such as your social security number, passport

or driver's license numbers, bank account information to prospective employers

until you have established they are legitimate," said the firm.