First information from Monster about data theft
Earlier this week, a trojan was reported to have used the access credentials of employers and head hunters to retrieve potential candidates' personal data. At that time it was only known that up to 1.6 million entries belonging to several hundred thousand mostly US American job candidates had been seized by the data thieves.
Monster has now issued a statement about the incident. The thieves were able to seize the confidential data of more than 1.3 million users. The attackers used Ukrainian servers and infected computers to retrieve the names, addresses, telephone numbers and email addresses of Monster users; no bank details, however, were stolen. Following a request by Monster, the hosting provider took the Ukrainian servers used for accessing Monster's database off-line. It appeared the data thieves wanted to use the stolen data for sending out personalised spam and phishing emails and for recruiting middle men for emptying accounts using bank details stolen elsewhere.
Talking to heise Security, Ramona Kesch of Monster Germany confirmed that the majority of the 1.3 million stolen files belonged to American citizens. However, about 5000 entries were registered in other countries. Monster informed the Times, however, that the data of 3.2 million UK Monster users were stored on the servers of the main US company and were, therefore, also potentially susceptible to fraud.
- Monster trojan steals job candidates' data, heise security news