• On The Insider: Britney's Bikini-Clad Top 10
January 26, 2009 10:45 AM PST

User data stolen from job site Monster

by Elinor Mills
  • Font size
  • Print
  • 6 comments
Share

User information, including passwords, has been stolen from job site Monster, the company has announced.

(Credit: Monster)

Monster's database of user account information--which includes user IDs, passwords, e-mail addresses, names, phone numbers, and some demographic data--was illegally accessed and information was taken, the company said on Friday.

The information that was stolen did not include resumes or sensitive information like Social Security numbers and financial data. But someone could use the data that was breached to contact Monster users and use social engineering to trick them out of their information.

Monster is urging its users to visit the site and change their password. As a matter of policy, Monster does not send unsolicited e-mail asking users to confirm usernames and passwords or to download anything.

Job sites are a likely target during an economic downturn, security firm AppRiver said in a recent report on spam and other Internet security threats.

More information on security tips is available on the Monster security Web page.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Privacy & data protection

Tags:

security,

breach,

Monster

Share:
Digg
Del.icio.us
Reddit
advertisement
Click Here
Recent posts from Security
Youth using phones to harass and spy on partners
PC Tools Internet Security 2010 reviewed
Google Chrome now bundled with Avast
Some Avast users must reinstall flagged files
Defense Dept. pulls software over privacy issues
Microsoft to plug critical IE hole targeted by exploit code
Google wants to unclog Net's DNS plumbing
Avast update falsely flags good apps as malware
Related
RSA reveals details behind re-shipping scam
Wrapping up Speeds and Feeds, part 4: Security
Is Android ready for enterprise use?
FAQ: Recognizing phishing e-mails
Another iPhone worm, but this one is serious
WiiWaa: Fun for kids, coma for animal controller
Crave giveaway of the week: official rules
Crave giveaway of the day: official rules (2)
Add a Comment (Log in or register) (6 Comments)
  • prev
  • 1
  • next
by Michichael January 26, 2009 4:22 PM PST
Well crap, guess I need to change my passwords. Been three months anyway.
Reply to this comment
by dfulbright January 26, 2009 4:53 PM PST
So, did actual plain-text passwords get stolen? Why on earth would ANY site store actual passwords, instead of hashes?
Reply to this comment
by btljooz January 27, 2009 12:50 PM PST
Ain't this just GRAND????? Monster got hacked the exact same way back in mid 2007. Did they NOT _*LEARN*_ a single THING about Security?????????

BTW: Did ya'll know that http://jobsearch.usajobs.gov/ is "powered" by Monster???? OOOOh, YES!!!!! ANY one who has there info there is also a victim. I know because I had my info on usajobs at one time....until I got the notification letter from them that my personal info had been compromised and why.
Reply to this comment
by btljooz January 27, 2009 12:53 PM PST
OOOPS! ptyo..tyop...TYPO!!! alert. Sorry but:

>>>ANY one who has there info there is also a victim.<<<

SHOULD read:

>>>ANY one who has *their* info there is also a victim.<<<
Reply to this comment
by btljooz January 27, 2009 1:06 PM PST
Hey, look what I found:

USAJOBS - Security Alert

http://www.usajobs.gov/securityNotice.asp
Reply to this comment
by chili_picante January 28, 2009 7:37 AM PST
Hey, Monster: Why am I reading about this at CNet, instead of getting a notice from you about the breach! Does anyone know if all usernames and passwords were exposed, or just some?
Reply to this comment
(6 Comments)
  • prev
  • 1
  • next
advertisement

The yogurt makers of tech: Gadgets to avoid

Don't buy these one-trick ponies--unless you like gizmos that gather dust.

Google wants to unclog Net's DNS plumbing

The Net giant, ever eager for a faster Internet, debuts its Google Public DNS service. With it, Google could become even more central to the Net.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET