[Dataloss] world: Monster.com job-seeker database infiltrated, personal data taken

dano dano at well.com
Fri Aug 24 14:56:24 UTC 2007 

Note that no numbers are given here. Early reports on business news 
speculate "millions could be affected".


<http://help.monster.com/besafe/email/>

  Security Notice

Monster is continuing to actively investigate and take measures to 
address the impact of malicious software, called 
Infostealer.Monstres, on our resume database. We are currently 
analyzing the number of job seekers who may have been affected by 
this software, and will be contacting them as appropriate.

Fortunately, we have been able to identify and shut down the source 
of the software. By gaining unauthorized access to employer accounts, 
the software was obtaining job seeker contact information. The 
information obtained was limited to the names, addresses, phone 
numbers and email addresses of job seekers primarily located in the 
United States.

The purpose of gathering this information appears to be sending email 
disguised as Monster in order to gain recipients' trust, and then 
attempting to convince users to engage in financial transactions, or 
lure them into downloading malicious software.

Protecting our users from fraudulent activity is one of Monster's top 
priorities. Regrettably, opportunistic criminals are increasingly 
using the Internet for illegitimate purposes. This problem spans the 
Web, particularly websites that receive heavy traffic and serve a 
variety of users across the globe.

Monster understands the importance of protecting your personal 
information, and values the trust that you place in us. We are 
committed to utilizing all of our available resources to remedy this 
situation and protect your account information. We will continue to 
share information and updates on this situation as available.

If you think you have received an email that may be fraudulent, 
please contact us immediately. If you have clicked on a link in this 
email, we highly recommend that you run an anti-virus application to 
remove anything that may have been installed on your computer, and 
contact a Monster Representative to have your Monster account 
password changed.

If you receive any email that asks you to download a tool or update 
your account or access agreement, contact us to verify its legitimacy 
first.

For further information on avoiding email fraud and keeping your 
Internet experience secure, please see below.

More information about the Dataloss mailing list