Security Technology News - August 2007
Monster Board Suffers Online Security Attack
Posted by Security Technology News' International Correspondent on 22/08/2007 - 17:29:56
According to security firm Symantec, Monster.com _ the vast American employment website _ has been attacked online, with the resultant loss of thousands of sets of customer data. Using stolen log-in information, those behind the attack used a Trojan computer program to gain entry to the part of Monster.com devoted to employers. As per Symantec, the thieved details enabled the criminals to effectively harvest e-mail address, telephone number and residential address details, as well as relevant user names. A remote web server was then used, to which this information was uploaded. From here on, the data formed the basis of phishing attacks.
Commenting on the scale of the operation, Symantec described how: "This remote server held over 1.6 million entries with personal information belonging to several hundred thousands of candidates, mainly based in the US, who had posted their resumes to the Monster.com website."
The company has made contact with Monster.com in order to enlighten them of this security infringement.
Symantec detailed how it had viewed reports of the phishing emails with which users of Monster.com were targeted, saying that these contained "personal information", and adding that they were "very realistic". The email advocated the download of a Monster Job Seeker Tool. This product, however, acted to encrypt files in the PCs/Macs of those who downloaded it, additionally providing a note offering to decrypt them upon payment of a suitable fee.
Monster's Vice President of Compliance and Fraud Prevention, Patrick Manzo, has provided comment on the incident, stating: "To the best of our knowledge, this is not a hack of Monster's security, rather, legitimate customer credentials are being used to log in to the database". He continued: "There have been reports of this as an issue of identity theft. We are not aware of any cases of identity theft. In fact, the information that is gathered from Monster is no different than that displayed in a phone book."
Trojans are frequently employed to access passwords, usernames and bank details. As per Sophos, the online security firm, in excess of 8,000 newly-developed Trojans are discovered on a monthly basis.
Symantec recommends that people using job websites such as Monster should always provide the minimum information required, and use a throw-away email address where possible. "Never disclose sensitive details such as your social security number, passport or driver's license numbers, bank account information to prospective employers until you have established they are legitimate", the firm added.
Source _ Security International's Internet Reporter
Recent related News Items:
Recently Added News
A radar system able to 'see' through walls and into suspects' homes is now in widespread US police force use, but does it represent a breach of civil rights?
Chinese hackers accused of having obtained wealth of classified defence information from the United States including key data on its state-of-the-art F-35 steal...
965 kilometres long, a wall is being built along the Saudi-Iraqi border consisting of watch towers, night-vision systems and radar plus other security elements.
Radical new ShockRound and PepperRound bullet designs are unveiled. Designed for use with 12 gauge shotguns, each has potentially game-changing non-impact prope...