Digital Journal — A malicious attack stole personal information from hundreds of thousands of users on one of the biggest job sites on the Web, security firm Symantec said recently. Monster.com suffered a serious breach of data that exposed members to file ransom, a scam where hackers demand money to decrypt someone’s files.
Using stolen log-in information, hackers accessed the employers’ section of the site and harvested user names, addresses, and phone numbers, which were then uploaded to a remote server, BBC News said. This server held close to 1.6 million entries with personal information taken from “several hundred thousand candidates, mainly based in the U.S.,” reported Symantec.
Fox News explained how the hackers exposed Monster members to file ransom:
The information…was used to send ‘phishing’ e-mails to members, apparently from Monster.com, encouraging them to download a tool known as ‘Monster Job Seeker.’ The tool was in fact a malicious program known as a Trojan, as in Trojan horse, which encrypted files on the victims’ machines, making them inaccessible to the computer owner. A message was left requesting that money be paid to the attackers before the files — which could include photos and other personal documents — would be decrypted.
But Monster.com officials said members shouldn’t see this as a case of identity theft. Patrick Manzo, vice president of compliance and fraud prevention at Monster, told BBC News:
To the best of our knowledge, this is not a hack of Monster’s security, rather, legitimate customer credentials are being used to log in to the database… the information that is gathered from Monster is no different than that displayed in a phone book.
Symantec still issued warnings to any users of websites similar to Monster.com. According to Fox News, Symantec advised users to limit the personal information they posted, and to use a separate email address rather than their main personal account. Also, no one should execute software that seems suspicious.
This Monster.com data breach exposes more than just a hacker’s sneaky wiliness. Rather, it underscores the clear and pressing danger of identity theft. Sure, Monster officials are quick to spin the online attack their way, but the fact remains that hundreds of thousands of emails and home addresses were lifted by strangers. That is inexcusable.
If Netizens are going to feel safe on sites like Monster, web administrators have to do more than just cough up excuses after data leaks. Safety should be a guaranteed right when inputting data on the Web, but when that privacy is compromised, people should rest assured hackers won’t spend phishing vacations with them.
