Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: Monster.com and USAJobs.gov's databases compromised - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Monster.com and USAJobs.gov's databases compromised

We got a tip from a reader (thanks David!), that apparently Monster.com's database and USAJobs.gov's database was compromised and information was stolen.  To clarify, USAJobs.gov's database is ran by Monster, as outlined in their post here.

(Monster's press release is here.)

Quoting from USAJobs.gov's website:

"We recently learned that the Monster database was illegally accessed and certain contact and account data were taken, including user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. The information accessed does not include resumes. The accessed information does not include - sensitive data such as social security numbers or personal financial data."

So I am sure some phishing attempts will come of this, as both of the press releases allude to.

Monster states in their release that you will be required to change your password on the site soon.  So I'd recommend that you go ahead and do that proactively.  Don't use a password that you'd use anywhere else. (For those of you that use the same password on Monster.com and yourbankhere.com.  You know who you are!)

-- Joel Esler http://www.joelesler.net

Joel

454 Posts
ISC Handler
If they have my user ID and password, then I would assume that they could simply log into my account and look at my resumes and other account info (including SSN). Sounds like it is a smokescreen as to not being able to get to your sensitive information and is way more serious than it is being made out to be. Any further account compromise will simply look like legitimate users logging into their accounts and will not raise any suspicions.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!