Monster took five days to disclose hack attack
Posted on 24 Aug 2007 at 10:22
Monster.com waited five days to tell its users about a security breach that resulted in the theft of confidential information from some 1.3 million job seekers, the company has admitted.
Hackers broke into the US online recruitment site's password-protected resume library using credentials that Monster said were stolen from its clients, in one of the biggest internet security breaches in recent memory.
They launched the attack using two servers at a web-hosting company in Ukraine and a group of PCs that the hackers controlled after infecting them with a malicious software program known as Infostealer.Monstres, according to Patrick Manzo, vice president of compliance and fraud prevention for Monster.
The company first learned of the problem on August 17, when investigators with security company Symantec told Monster it was under attack.
"In terms of figuring out what the issue was, that was a relatively quick process," Manzo claims. "The other issue is you want to make sure exactly what you are dealing with."
His security team spent the weekend investigating, located the rogue servers, and got the web-hosting company to shut them down some time either late in the evening on August 20, or early in the morning of August 21, he claims.
Manzo says that, based on Monster's review, the information stolen was limited to names, addresses, phone numbers and email addresses, and that no other details, including bank account numbers, were uploaded.
On August 21, Symantec published a report on its website that said it had found copies of scam e-mails that the engineers of the attack were using, with the aim of getting information that was more valuable than just the names and contact details of Monster.com users.
Pretending to be sent through Monster.com from job recruiters, the e-mails asked recipients to provide personal financial data, including bank account numbers. They also asked users to click on links that could infect their PCs with malicious software.
Their ultimate goal in taking the data from Monster.com was to gain enough personal information to lower the guards of target victims when they read the e-mails, says Patrick Martin, a senior product manager with Symantec's response team in Austin, Texas, which first identified the attack.
"It gives these spam e-mails just a little bit of credibility," Martin says. "These guys were trying to get financial information from people."
It wasn't until Wednesday, a day after Symantec issued the August 21 report, that Monster put a notice on its website, warning users they might be the target of e-mail scams.
Monster then announced on Thursday that the details of some 1.3 million job seekers had been stolen. Fewer than 5,000 of those affected are based outside the US, it said in a statement.
A company spokesman claims Monster also posted letters to the 1.3 million affected users on Thursday, in case the users were wary of opening e-mail from the company after the breach. He claims Monster's database has about 73 million resumes.
Author: Reuters
Printed from www.pcpro.co.uk


