January 26th, 2009
Monster.com hacked; user ID, e-mail, phone numbers stolen
Monster.com recently posted a PSA on their site notifying users that their database was illegally accessed and certain contact and account data were taken, “including Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data.”
The information accessed does not include resumes.
“Monster does not generally collect – and the accessed information does not include - sensitive data such as social security numbers or personal financial data.”
Monster says they initiated an investigation and took corrective steps, and so far, have not detected misuse of the information.
The company also says users may soon be required to change your password upon logging onto the site, but when I logged in after reading the bulletin, I was not prompted to change my password in any way.
It must also be noted that as a registered user of the site, I was not e-mailed or notified by Monster.com directly about the breach, and only found it doing my normal news-gathering rounds on the web. This is not exactly best business practice for a breach of this nature; it should be noted that Monster has a poor history of waiting before notifying users of its site of security risks.
Of course, with an exposed e-mail address at risk, beware of future “phishing” emails; also, avoid using the same passwords across multiple sites as a precaution for this type of breach.
UPDATE 1/27/09: Looks like the UK got hit for 4.5 million users, and no word on the other 35 countries Monster operates in.
Andrew J. Nusca is an associate editor for ZDNet and SmartPlanet.
See his full profile and disclosure of his industry affiliations.
Email Andrew Nusca 
Follow on Twitter
Subscribe to The ToyBox via Email alerts or RSS.
