CONSUMER NEWS    RECALLS    COMPLAINT FORM    SCAM ALERTS  


Complain about a product or service
Small Claims Guide | Class Actions | Lemon Law | FAQ | Resources | Newsletters | Spanish
Automotive    Education    Electronics    Family    Finance    Health    Homeowners    Shopping    Travel   
NEWS   Latest |  Archives |  Auto |  Cells, etc. |  Computers |  Financial |  Health |  Homeowners |  Parents |  Privacy |  Scams |  Seniors |  Travel

Job Seekers Compromised By Monster.com Hack

Hackers may have accessed data on 1.6 million resumes





August 22, 2007 

Identity Theft
Identity Theft: One Woman's Story
Xbox or PC Stolen? Don't Forget to Cancel Your Credit Cards
Identity Theft a Growth Industry in Texas Border Towns
FTC Warns Consumers About Tax Rebate Scams
Big Banks, Telcos Top Identity Theft List
Identity Theft Tops FTC Complaint List Again
Study Claims Identity Theft 'Continues To Decline'
650,000 Retail Customers Exposed In Data Breach
Children Becoming Prime Identity Theft Targets
FTC Finds 8 Million Identity Theft Cases
New Jersey Wants Banks to Help Fight Phishing Scams
---
More ...

A computer security analyst says he has uncovered a major breach on the popular jobseeker site Monster.com, potentially exposing hundreds of thousands of people to identity theft.

Amada Hidalgo of Symantec says hackers used a Trojan, called Infostealer Monstres, to get access to personal information on 1.6 million resumes.

Hidalgo said the Trojan appears to be using the credentials of a number of recruiters to log in to the Web site and perform searches for resumes of candidates located in certain countries or working in certain fields.

The Trojan sends commands to the Monster.com Web site to navigate to the managed folders section. It then captures the output from a pop-up window containing the profiles of the candidates that match this recruiter’s saved searches.

The candidates' personal details, such as name, surname, email address, country, home address, work/mobile/home phone numbers and resume ID, are then uploaded to a remote server under the control of the attackers.

“This remote server held over 1.6 million entries with personal information belonging to several hundred thousands candidates, mainly based in the US, who had posted their resumes to the Monster.com Web site,” Hidalgo wrote in his Web log.

“Such a large database of highly personal information is a spammer’s dream. In fact, we found the Trojan can be instructed to send spam email using a mail template downloadable from the command & control server.”

Hidalgo said Symantec has informed Monster.com of the compromised recruiter accounts so they can be disabled.

What To Do

To protect your identity when using recruitment sites, or at least limit your exposure to identity theft, Hidalgo says jobseekers should limit the contact information posted on these sites, use a separate disposable email address and never disclose sensitive details such as Social Security number, passport or driver’s license numbers, bank account information, until it has been established the employer is legitimate.



Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.


Consumer News

May 17 2008

Recent Recalls & Safety Alerts

READER SERVICES

Print, Email & More

Subscribe

Free consumer newsletters
Sign up now!





Back to the top |

Advertisement


Home | Rogues Gallery | Good Guys | Complaint Form | News | Recalls | Search | Video | FAQ |
Consumer Resources | Small Claims Guide | Lemon Law | Newsletter | Contact Us
Advertise With Us | Testimonials | Newsroom | RSS Feeds | Radio | Job Postings



Terms of Use Your use of this site constitutes acceptance of the Terms of Use

Advertisements on this site are placed and controlled by outside advertising networks. ConsumerAffairs.com does not evaluate or endorse the products and services advertised. See the FAQ for more information.

Company Response Welcome If complaints about your company appear on our site, we welcome your response. Please see the Response Form for more information.

For more information, see the FAQ and privacy policy. The information on this Web site is general in nature and is not intended as a substitute for competent legal advice.  ConsumerAffairs.com Inc. makes no representation as to the accuracy of the information herein provided and assumes no liability for any damages or loss arising from the use thereof. 

Copyright © 2003-2008 ConsumerAffairs.com Inc.  All Rights Reserved.