Job Seekers Compromised By Monster.com Hack

Hackers may have accessed data on 1.6 million resumes

August 22, 2007

Identity Theft

• FTC Proposes Ways to Reduce Identity Theft
• "Underground Economy" for Crime Thrives, Report Says
• Feds Issue New Identity Theft Recommendations
• Identity Theft: One Woman's Story, Eight Months Later
• Consumers Cautioned About Voter Registration Scams
• Young Adults Seen As Prime Identity Theft Targets
• Researchers Find Security Flaws In Online Banking Sites
• 'Red Flags Rules' for Identity Theft on the Way
• Identity Theft: One Woman's Story
• Xbox or PC Stolen? Don't Forget to Cancel Your Credit Cards
• Identity Theft a Growth Industry in Texas Border Towns
• FTC Warns Consumers About Tax Rebate Scams
• Big Banks, Telcos Top Identity Theft List
• Identity Theft Tops FTC Complaint List Again
• Study Claims Identity Theft 'Continues To Decline'
• 650,000 Retail Customers Exposed In Data Breach
• Children Becoming Prime Identity Theft Targets
• FTC Finds 8 Million Identity Theft Cases
• New Jersey Wants Banks to Help Fight Phishing Scams
---
• More ...

A computer security analyst says he has uncovered a major breach on the popular jobseeker site Monster.com, potentially exposing hundreds of thousands of people to identity theft.

Amada Hidalgo of Symantec says hackers used a Trojan, called Infostealer Monstres, to get access to personal information on 1.6 million resumes.

Hidalgo said the Trojan appears to be using the credentials of a number of recruiters to log in to the Web site and perform searches for resumes of candidates located in certain countries or working in certain fields.

The Trojan sends commands to the Monster.com Web site to navigate to the managed folders section. It then captures the output from a pop-up window containing the profiles of the candidates that match this recruiter’s saved searches.

The candidates' personal details, such as name, surname, email address, country, home address, work/mobile/home phone numbers and resume ID, are then uploaded to a remote server under the control of the attackers.

“This remote server held over 1.6 million entries with personal information belonging to several hundred thousands candidates, mainly based in the US, who had posted their resumes to the Monster.com Web site,” Hidalgo wrote in his Web log.

“Such a large database of highly personal information is a spammer’s dream. In fact, we found the Trojan can be instructed to send spam email using a mail template downloadable from the command & control server.”

Hidalgo said Symantec has informed Monster.com of the compromised recruiter accounts so they can be disabled.

What To Do

To protect your identity when using recruitment sites, or at least limit your exposure to identity theft, Hidalgo says jobseekers should limit the contact information posted on these sites, use a separate disposable email address and never disclose sensitive details such as Social Security number, passport or driver’s license numbers, bank account information, until it has been established the employer is legitimate.

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

CONSUMER NEWS

SAFETY RECALLS

PRINT, ETC.

Print This

Email This

FREE CONSUMER NEWSLETTERS

The Daily Consumer
Afternoons M-F
Sign up now!

Consumer News & Alerts
Every Sunday
Sign up now!

MOST-VIEWED PAGES

NEW COMPLAINTS

Hey there! ConsumerAffairs.com is using Twitter.
Twitter is a free service that lets you keep in touch throughout the day. Join today to start receiving ConsumerAffairs.com's updates.

Back to the top |

Custom Search

AUTOMOTIVE
• Dealers
• Manufacturers
• Service
• Extended Warranties
• Lemon Laws
• Recalls
• Tires
• Transporters

FAMILY
• Aging
• Children, Parenting
• Recalls
• Dating
• Education
• Entertainment
• Pets
• Weddings

FINANCE
• Annuities
• Banks
• Credit Cards
• Debt Collection
• Debt Counseling
• Insurance
• Investing
• Loans
• Mortgages
• Payday Loans
• Student Loans
• Tax Prep

HEALTH
• Doctors
• Drugs, Pharmacies
• Health Clubs
• Hearing Care
• Hospitals
• Nursing Homes
• Nutrition, Diets
• Vision Care
• Weight Loss

HOMEOWNERS & RENTERS
• Appliances
• Cookware
• Furniture
• Home Improvements
• Lawn & Garden
• Movers
• Pools & Spas
• Realtors, Rental Agents
• Recalls
• Utilities

ELECTRONICS
• Cable TV/DBS
• Cameras
• Cell Phones
• Computers
• Home Electronics
• Internet Access
• Local Phone Service
• Long Distance
• VoIP

SHOPPING
• In-Home
• Online
• Retail Stores
• Sporting Goods
• Supermarkets
• Telemarketers

TRAVEL
• Airlines
• Bus Lines
• Car Rental
• Cruises
• Hotels
• Travel Agents
• Trains

RESOURCES
• Class Actions
• Complaint Form
• Small Claims Guide
• Lemon Laws

CONSUMER NEWS
• Latest News
• Automotive
• Telecom
• Financial
• Health
• Homeowners
• Scams
• Seniors
• Travel
• More ...

RECALLS
• Automotive
• Children's Products
• Drugs
• Food
• Household Products
• Sporting Goods

ABOUT US
• FAQ
• Privacy Policy
• Advertise With Us
• Newsroom
• Syndication
• Terms of Use

Terms of Use Your use of this site constitutes acceptance of the Terms of Use

Advertisements on this site are placed and controlled by outside advertising networks. ConsumerAffairs.com does not evaluate or endorse the products and services advertised. See the FAQ for more information.

Company Response Welcome If complaints about your company appear on our site, we welcome your response. Please see the Response Form for more information.

For more information, see the FAQ and privacy policy. The information on this Web site is general in nature and is not intended as a substitute for competent legal advice. ConsumerAffairs.com Inc. makes no representation as to the accuracy of the information herein provided and assumes no liability for any damages or loss arising from the use thereof.