August 29th, 2007

Monster.com: Job site data theft 'not isolated incident'

Posted by Ryan Naraine @ 4:14 pm

Categories: Botnets, Browsers, Data theft, Exploit code, Hackers, Hirings and firings, Patch Watch, Pen testing, Privacy, Responsible disclosure, Rootkits, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research

Tags: Job, Monster, Ryan Naraine

Monster.com says last week’s discovery of a rogue server accessing personal information from its database of job-hunters was “not an isolated incident.”

“As is the case with many companies that maintain large databases of information, Monster is from time to time subject to illegal attempts to extract information from its database. Despite ongoing analysis, the scope of this illegal activity is impossible to pinpoint,” the company said in a statement outlining plans to beef up its security mechanisms.

[SEE: Monster.com shuts down rogue server linked to data theft ]

Last week, anti-virus researchers at Symantec warned that the Infostealer.Monstres Trojan horse was rigged to targets Monster.com users when they post data online. Approximately 1.3 million Monster.com users, most in the U.S., were affected by the breach.

Monster.com said it is implementing new robust capabilities for worldwide monitoring and surveillance of site traffic, reviewing and tightening all site access policies and controls and launching a series of targeted initiatives to protect job seeker contact information.