Monster.com database looted

I debated on whether to post this here or in the security forums, but figured people might have their resumes on monster who aren't interested in security.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9032518&pageNumber=1

Monster's resume database was looted, and the personal information taken was used to forge convincing messages that deposited password-stealing Trojans and ransomware on users' PCs.

Here is the information on monster.com's site:
http://help.monster.com/besafe/

Anyone here possibly affected by this? Fortunately I have never had my resume on any of these kind of sites.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

JDMurray

Wasn't this just for people that recently applied for jobs through Monster postings? My resume has been on Monster for years, but there's no information associated with it that isn't already public. I hope people aren't including things like their SSN and visa numbers in the private info on Monster.

sprkymrk

What it looks like to me is that the stolen information was very basic "contact" information (name, city, email, title, etc.) that was then used for "targeted phishing". The idea was that it looked like it came from a semi-trusted source (monster) so the target was more likely to fall for the scam, whether it was additional information to use to steal identity and/or money, or to trick someone into downloading a keylogger trojan.

JDMurray

It looks like the personal information stolen from Monster.com is being used to target people as mules for transferring money to Russia using Western Union. The promise of fast, easy money is the bait. The information was obtain using valid Monster.com legitimate employer-client login credentials and a hacked server. No word yet if it was an inside job.

PC World - Stolen Monster Data Put to Bad Use

Babietech

sprkymrk wrote:

I debated on whether to post this here or in the security forums, but figured people might have their resumes on monster who aren't interested in security.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9032518&pageNumber=1

Monster's resume database was looted, and the personal information taken was used to forge convincing messages that deposited password-stealing Trojans and ransomware on users' PCs.

Here is the information on monster.com's site:
http://help.monster.com/besafe/

Anyone here possibly affected by this? Fortunately I have never had my resume on any of these kind of sites.

I had my resume on Monsters.com and when I heard about the news on the TV, I immediately, deleted my resume off the site. Unfortunately, I couldn't delete my whole user account.

JDMurray

Babietech wrote:

I had my resume on Monsters.com and when I heard about the news on the TV, I immediately, deleted my resume off the site. Unfortunately, I couldn't delete my whole user account.

By the time the theft was made public, the information had already been stolen from the servers and was in use. Deleting it after the fact really provides no additional protection. The info is being used to specifically target people with very legitimate looking email that contains information from their Monster accounts and online resume. This isn't a bad thing if you are aware that these email messages are phony. What is very bad is the people who put unnecessary private information in their Monster.com account, like Social Security Number, visa number, passport number, bank account information. etc. Those people are really going to be hurt.