March 28, 2024, 07:39:37 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: NEW CHILD BOARD CREATED IN THE POLITICAL SECTION FOR THE 2016 ELECTION
 
   Home   Help Login Register  
Pages: 1   Go Down
  Print  
Author Topic: It Was Only A Matter of Time - Hackers Hit Monster.com  (Read 1543 times)
0 Members and 1 Guest are viewing this topic.
nonesuche
Monkey All Star Jr.
****
Offline Offline

Posts: 8878



« on: August 23, 2007, 04:15:51 PM »

 Mad This just infuriates me for some contractors also put their social security #'s on their resumes, a lesson to never ever do that !!!

Just like the banks, they want all of our personal info as per their desires yet what do we get in return? Hacking and fraud, much of which could be readily eliminated with simply the creation of a dual log-in process. What do they care? It's not their data but don't you love Monster isn't returning any phone calls regarding this?  Rolling Eyes

I've never ever made a resume public of mine, my gut instincts were correct....

Hackers Steal Data From Monster.com

By BRIAN BERGSTEIN,AP

BOSTON (Aug. 23) - A recently disclosed fraud involving hundreds of thousands of people on the Monster.com jobs Web site reveals the perils of leaving detailed personal information online, security analysts say.

Before the scheme was uncovered last week by researchers at Symantec  Corp., con artists had filched legitimate user names and passwords from recruiters who search for job candidates on Monster. Then with access into the Monster system, the hackers grabbed resumes and used information on those documents to craft personalized "phishing" e-mails to job seekers.

"What phishers are trying to do these days is make them as realistic as possible, by adding specific information," said Patrick Martin, a Symantec product manager. "If they know you've submitted a resume to Monster, that makes it (seem) a little more legitimate."

If the recipients took the bait, they had spyware or other malicious programs secretly installed on their computers. But even if the phishing attempt wasn't successful, the names, addresses and other details on the resumes can themselves be lucrative.

A server in Ukraine used in the scheme held 1.6 million entries. Because of duplications, Symantec said those files actually held personal information for "several hundred thousand" job seekers. Another antivirus firm, Authentium Inc., said it parsed the same data and counted 1.2 million people.

Symantec said it relayed details to Monster.com so it could disable the compromised recruiter accounts. But the security company also advised Web users to limit their exposure to such frauds by reducing the amount of personal information they post on the Internet.

That advice was echoed in other corners. Ron O'Brien, senior security analyst for Sophos PLC, suggested that job seekers provide only minimal details about themselves on job sites, and then reveal deeper information only for queries that prove to be legitimate.

The same standards should apply on social networking sites such as Facebook that ask for a wealth of information, O'Brien said.


"With very little effort, I could put together a profile of you that includes such information as your home address, your home phone number, your e-mail address, your birthday," O'Brien said. "We need to kind of take a step back and decide whether it's really required for us to provide all the information requested of us. ... We have become a nation of people who want to be cooperative."
 
Other security specialists said Monster might share the blame if it doesn't ensure that people with access to its system use "strong" passwords that are frequently changed or hard to guess.

"They have a major responsibility when they have this information," said Laura Yecies, a vice president of Check Point Software  Technologies Ltd.

Representatives for Monster Worldwide  Inc., the New York-based parent company of the jobs site, did not return messages seeking comment.

On its Web site, the company advises its members to be extremely cautious about e-mails purporting to be from recruiters - advice that goes for all unsolicited messages.

To spot phishing attempts, look for misspellings or grammatical mistakes in the messages. Even if an e-mail passes that smell test, don't click on links in the e-mail or fill out forms asking for information. And if the message offers a deal that is too good to be true - such as easy money - it probably is.


Copyright 2007 The Associated Press. The information contained in the AP news report may not be published, broadcast, rewritten or otherwise distributed without the prior written authority of The Associated Press. All active hyperlinks have been inserted by AOL.
2007-08-23 06:32:28

http://tinyurl.com/2yxtk2

Logged

I continue to stand with the girl.
Pages: 1   Go Up
  Print  
 
Jump to:  

Use of this web site in any manner signifies unconditional acceptance, without exception, of our terms of use.
Powered by SMF 1.1.13 | SMF © 2006-2011, Simple Machines LLC
 
Page created in 2.123 seconds with 19 queries.