The Monster website contains a statement from Patrick Manzo, senior vice president and global chief privacy officer for Monster Worldwide, who assures users that:
“Immediately upon learning about this, Monster initiated an investigation and took corrective steps. It is important to know the company continually monitors for any illicit use of information in our database, and so far, we have not detected the misuse of this information.”
The statement continues to advise users to change their passwords and be wary of any phishing emails that may be received as a result of the attack.
According to Manzo, CVs were not taken.
Monster act as the technology provider for the USAjobs.gov website, where the above statement is echoed by programme director Mary Volz-Peacock.
Both sites suffered a similar attack 18 months ago when cybercriminals took jobseekers’ details via recruiter accounts using a trojan, resulting in a widespread phishing campaign. Monster allegedly reported the discovery to users five days after the breach was discovered, by which time the data for 1.3 million jobseekers had been uploaded to servers in the Ukraine.
Graham Cluley, senior technology consultant at security firm, Sophos remarked that "There will be a few raised eyebrows about how Monster is choosing to inform its members of this serious security breach. As the company's database was hacked in what appears to have been a similar attack in 2007, customer confidence in the company may be damaged following this latest incident".
A statement issued by Sophos also advised users to use different passwords for each online account they have, noting that research indicates that 41 percent of people use the same password for every website they access.
What’s Hot on Infosecurity Magazine?