Monster.com, the international job board that includes the US Federal government among its corporate clients, has experienced a second serious data breach within the space of 18 months. John Stokdyk reports.
A message posted Friday on the Monster.com corporate site by the company’s global chief privacy officer Patrick Manzo warned that someone had illegally accessed Monster’s databases and copied user IDs, passwords, names, email addresses and phone numbers.
“Immediately upon learning about this, Monster initiated an investigation and took corrective steps,” Manzo wrote. So far, Monster.com has not yet found evidence that the stolen data has been misused. As a further precaution, Manzo advised users that they would be asked to change their passwords the next time they logged on to the site
Monster.com’s executive emphasised that protecting users’ data was a “high priority” for the site, adding that a brand new site design had been introduced last week partly to strengthen security following another data breach that hit the site in August 2007.
In that instance, hackers got into the employer sections of Monster.com and dispatched emails to new candidates that carried a Trojan horse virus that encrypted their files. A group calling itself Glamorous Team demanded a $300 payment to decrypt files.
In the latest security message, Patrick Manzo warned users about the potential threat from phishing emails. Although the newly designed and reminded them that like most reputable online services, Monster does not send out messages asking people to confirm usernames and passwords, nor does it circulate tools or download invitations by email.
Monster.com is the offical job site for the US Federal Government via its USAJOBS site. Program director Mary Volz-Peacock also posted a comment on the incident advising, “We continue to devote significant resources to ensure USAJOBS (Monster) has security controls in place to protect our infrastructure and stakeholder’s information.”