MONSTERCOM FALL VICTIM MASSIVE ID THEFT OCCURED

“The protection of your data is a high priority for Monster. Our newly redesigned Web site has, and will continue to add, safety and security features to protect your information and we want you to feel confident using it.” That was written in a notification put recently by Patrick Manzo, Senior Vice President, Global Chief Privacy Officer, Monster Worldwide. Monster Worldwide is a company that owns an employment website monster.com. Monster is one of the 20 most visited websites out of 100 million worldwide, according to comScore Media Metrics (November 2006). Today, Monster is the largest job search engine in the world, with over a million job postings at any time and over 150 million resumes in the database (2008) and over 63 million job seekers per month.

The notification was posted on the website of the service rather than being sent out to all the users. Actually it was not about the confirmation of the service reliability, but quite the contrary, it was about the data breach recently occurred to the largest employment service on the web. At the beginning of Manzo's advisory there were such words:

“As is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database. We recently learned our database was illegally accessed and certain contact and account data were taken, including Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data.”

It is the second time for the past 18 months employment search site Monster.com has lost a wealth of personal data belonging to millions of job seekers. Besides, it is at least the third time Monster.com has put its users at risk after suffering a significant security breach. In August 2007 a Trojan horse malware using the compromised employer credentials pumped data belonging to some 1.3 million people. A few days later the users started receiving phishing mails advising them to download malicious software or accept their job offering to serve as their lobbyist.

At that time Monster Worldwide made some bombastic statements about their further upgrading the data security but just two months later it was successfully attacked by the hackers that compromised their job listings and used them to infect visitors with malware.

While the company offers their users to change their passwords and be cautious to the potential phinshing email messages reminding of the fact that ‘Monster will never send an unsolicited email asking you to confirm your username and password, nor will Monster ask you to download any software, “tool” or “access agreement” in order to use your Monster account.'