In association with heise online

26 January 2009, 15:55

Monster security breach

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Sophos, the IT security and control firm, is advising users of careers website and, the official job site of the US Federal Government, to to change their passwords, following news that both sites have been the victim of a serious hacking attack, which has compromised both sites user names and passwords.

As Sophos have pointed out before, research has discovered that 41 per cent of people use the same password for every website they access. Many Monster and USAJobs users are likely to be at risk of their accounts on other websites being hacked.

Graham Cluley, senior technology consultant at Sophos says "Customers of both Monster and USAJobs have been placed at serious risk because of this attack," – "One very real risk is that the hackers will use the email addresses and personal information they have stolen to mount a very realistic phishing campaign to gather more sensitive information from the victims. But, that's just the tip of the iceberg - since so many people use the same password for every website, there's a good chance the cyber-criminals will be able access users' bank accounts and other sites."

According to Monster, users' email addresses, names, phone numbers and some demographic data have also been stolen. Eighteen months ago in a similar attack on both sites, hackers used the Monstres Trojan horse to steal job seeker details via recruiter accounts. A widespread phishing campaign followed soon after.

Monster have chosen not to inform individual users through e-mail, but have simply posted an advisory on their website.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit