Monster.com Hacked. This Is Not A Repeat

Monster.com Hacked. This Is Not A Repeat

Part of jobsearch giant Monster.com was yanked off the Internet for a short period on Monday after it was discovered that hackers had managed to redirect some Monster users to servers where they were exposed to an exploit that collected sensitive personal data from them.


The iFrame attack marred employment listings offered by some of the world's biggest companies, including Best Buy, Toyota Financial and Eddie Bauer, Thompson said. People who visited those listings were redirected to a server that hosted the exploits. The malicious javascript was encrypted, making it hard to know exactly how it behaved.

Monster.com has since scrubbed its pages clean of the offending code and restored the pages it took down, a spokesman said in a statement. The attack attempted to install malware that is commonly flagged by most anti-virus programs and "should not affect users running Windows with the most recent security updates from Microsoft," according to the statement. Only "an extremely small percentage of those using the site this week were potentially exposed prior to those pages being cleaned."



Just three months ago, criminals stole Monster.com user names for use in a targeted phishing attack. Monster promised to do better. Perhaps Monster could post a job a job opportunity notice for a few computer security workers. If only there was someplace on the web prospective candidates could trust to look for such a thing.
0
+ -

Lol...

"Looking for employment? Like computers and network security? Fill out your resume at Monster.com for employment at monster.com. We'd love to have you! (Be sure NOT include sensative information such as your name, number, address, or anything for that matter in your resume for security reasons)"

0
+ -

the sad thing is i know many people that use this site, and feel it completely safe, i would never feel safe making my resume "privately" available on the internet, along with my SSN, that's like asking to be taken.

i don't even put my SSN on my job application until i get hired

0
+ -

mazuki:

i don't even put my SSN on my job application until i get hired

As you shouldn't! Anyone who does that should signal to the person reading their resume they're an idiot. The website sucks anyways. All they do is send you spam. CareerBuilder/Dice/etc are much better for job searching. 

Login or Register to Comment
Post a Comment
Username:   Password: