Tuesday January 27, 2009
Monster.com, the popular job-searching web site, has reported that attackers were able to compromise the Monster.com database and gain access to user information. With the job market in a freefall and tens of thousands more job cuts announced just this week, I am sure usage of sites like Monster.com are skyrocketing. According to this PC World article about the breach, "Monster.com user IDs and passwords were stolen, along with names, e-mail addresses, birth dates, gender, ethnicity, and in some cases, users' states of residence." Apparently since no credit card or social security number information was stolen, Monster.com is not subject to the same sort of disclosure laws as other data breach victims like TJX or Heartland Payment Systems.
The announcement from Monster.com is short on details, ostensibly because they are still investigating. They have not discovered any attempts to use or exploit the stolen data, but they have also not announced the number of affected users and they have implemented modified or additional security controls. Monster.com states in their alert message about the breach that they have no intention of sending emails to affected users or doing anything more than posting the announcement.
The PC World article states that Monster.com "advised users to change their passwords and reminded them to ignore e-mails they may get that purport to be from the company and that ask for password information or instruct the user to download anything."
Quoted from: http://netsecurity.about.com/
No comments:
Post a Comment