January 26, 2009
Another Data Breach at Monster.com
In his Computerworld blog, our friend Richi Jennings of Ferris Research notes comments from the blogosphere today about yet another data breach/hack at Monster.com.
Monster posted a note on their site last Friday explaining the breach and suggesting steps users should take as a result. Says Monster:
"We recently learned our database was illegally accessed and certain contact and account data were taken, including Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. The information accessed does not include resumes. Monster does not generally collect – and the accessed information does not include - sensitive data such as social security numbers or personal financial data."
They go on to remind users that their email addresses may become the target of phishing attacks (I'd say this is very likely) and note that:
As a further precaution, we want to remind you that an email address could be used to target “phishing” emails. Monster will never send an unsolicited email asking you to confirm your username and password, nor will Monster ask you to download any software, “tool” or “access agreement” in order to use your Monster account.
This is, of course, generally good advice that echoes Proofpoint's own "Golden Rules" for staying safe online. It's disheartening, however, to see Monster.com fall victim to a large-scale data breach for the second time in 18 months. See Richi's Computerworld post for additional commentary...
Link to Monster's security note: http://help.monster.com/besafe/jobseeker/index.asp
