Job site Monster.com acknowledged a breach of its user database late Friday, warning that online intruders made off with an unspecified number of job seekers' names, phone numbers, e-mail addresses, log-in names and passwords.
The Web site, run by New York, NY-based Monster Worldwide, gave scant information about the breach, except that the intrusion did not compromise any Social Security numbers or personal financial details, which the company does not generally collect. The breach also affected Monster.com's government client, USAJobs.com, which also posted a notice on Friday.
"Immediately upon learning about this, Monster initiated an investigation and took corrective steps," the company said in its statement on Friday. "It is important to know the company continually monitors for any illicit use of information in our database, and so far, we have not detected the misuse of this information."
The theft is the second time in as many years that the company's security missteps left its customers data in the hands of online criminals. In August 2007, Monster.com warned job seekers that the company had discovered and shut down a rogue database that contained personal information culled from résumés posted on the site. While the previous breach affected at least 1.3 million Monster.com users, the company did not reveal the extent of the latest breach.
"We don't comment on investigations in progress or specific security measures," a Monster.com spokesperson stated in an e-mail sent to SecurityFocus on Saturday. "Immediately upon learning about this, we chose to notify all customers and job seekers as part of our ongoing effort to keep users informed about Internet security."
Fraudsters typically use the details from compromised job sites, such as Monster.com, to make their phishing campaigns more believable.
Monster.com advised all users to change their passwords as soon as possible.
Posted by: Robert Lemos