Unauthorized Access to Monster.com Exposes Hundreds of Thousands of Users to E-mail Scams

Symantec Corporation (Symantec), an Internet security firm, discovered a security breach on the job recruitment web site Monster.com after noting phishing e-mails were being sent to Monster.com users containing personal information of the users. According to Symantec, attackers accessed the employers section of the Monster.com website and uploaded data to a remote server which "held over 1.6 million entries with personal information belonging to several hundred thousands of candidates". Although the information gained by the attacker, by itself, did not give access to further sensitive information, it allowed the attacker to send an e-mail to users containing a Trojan which would encrypt the users' files and money was then demanded by the attacker for de-encryption of the files. As a result, both Symantec and Monster.com released carefully worded announcements (see the links below), alerting their customers to the type of scheme being used. For more information see: http://news.bbc.co.uk/1/hi/technology/6956349.stm For Symantec's report, visit: http://tinyurl.com/3bmcv7 For Monster.com's press release, see: http://tinyurl.com/2kzfg7 Summary by: Lauren Lodenquai