Monster Hacked. This Is Not A Repeat

rated by 0 users
This post has 3 Replies | 0 Followers

Top 10 Contributor
Posts 25,805
Points 1,164,560
Joined: Sep 2007
ForumsAdministrator
News Posted: Wed, Nov 21 2007 9:10 AM

Part of jobsearch giant Monster.com was yanked off the Internet for a short period on Monday after it was discovered that hackers had managed to redirect some Monster users to servers where they were exposed to an exploit that collected sensitive personal data from them.


The iFrame attack marred employment listings offered by some of the world's biggest companies, including Best Buy, Toyota Financial and Eddie Bauer, Thompson said. People who visited those listings were redirected to a server that hosted the exploits. The malicious javascript was encrypted, making it hard to know exactly how it behaved.

Monster.com has since scrubbed its pages clean of the offending code and restored the pages it took down, a spokesman said in a statement. The attack attempted to install malware that is commonly flagged by most anti-virus programs and "should not affect users running Windows with the most recent security updates from Microsoft," according to the statement. Only "an extremely small percentage of those using the site this week were potentially exposed prior to those pages being cleaned."



Just three months ago, criminals stole Monster.com user names for use in a targeted phishing attack. Monster promised to do better. Perhaps Monster could post a job a job opportunity notice for a few computer security workers. If only there was someplace on the web prospective candidates could trust to look for such a thing.



  • | Post Points: 35
Top 50 Contributor
Posts 2,617
Points 32,625
Joined: Oct 2005
Location: Minnesota, United States
ice91785 replied on Wed, Nov 21 2007 11:56 AM

Lol...

"Looking for employment? Like computers and network security? Fill out your resume at Monster.com for employment at monster.com. We'd love to have you! (Be sure NOT include sensative information such as your name, number, address, or anything for that matter in your resume for security reasons)"

  • | Post Points: 5
Top 500 Contributor
Posts 150
Points 2,250
Joined: Sep 2007
Location: U.S.
mazuki replied on Wed, Nov 21 2007 3:17 PM
the sad thing is i know many people that use this site, and feel it completely safe, i would never feel safe making my resume "privately" available on the internet, along with my SSN, that's like asking to be taken.

i don't even put my SSN on my job application until i get hired
  • | Post Points: 20
Top 100 Contributor
Posts 1,063
Points 10,760
Joined: Feb 2004
Location: Other, Other
Grahf replied on Wed, Nov 21 2007 5:28 PM

mazuki:

i don't even put my SSN on my job application until i get hired

As you shouldn't! Anyone who does that should signal to the person reading their resume they're an idiot. The website sucks anyways. All they do is send you spam. CareerBuilder/Dice/etc are much better for job searching. 

I beat the Internet... the end guy was hard

  • | Post Points: 5
Page 1 of 1 (4 items) | RSS