By Brian Prince
August 23, 2007
As many as 1.6 million job seeker identities may have been lifted.
Officials at Monster.com confirmed that they had identified and shut down a rogue server accessing contact information through the unauthorized use of compromised legitimate employer/client log-in credentials.
The server contains names, addresses, phone numbers and e-mail addresses. Monster.com is currently analyzing the number of job seeker contacts impacted by the situation and will be communicating with those affected as appropriate, officials said. The company did not offer any details about the location of the server that it shut down.
Last week, researchers at SecureWorks found a server containing data from 46,000 people that was stolen by hackers running ads on job hunting sites and injecting those ads with a Trojan.
When a user views or clicks on one of the malicious ads, their PC is infected and all the information that enters into their browser—such as financial information entered before it reaches SSL protected sites—is captured and sent off to servers used by the hackers, SecureWorks officials said.
The discovery seems to have been part of a larger effort by hackers to target job hunting sites, as Symantec also reported finding another remote server with more than 1.6 million entries with personal data belonging to people who had posted their resumes on Monster.com. Symantec dubbed the Trojan Infostealer.Monstres, and stated the Trojan was using the credentials of recruiters to log in to the Web site and perform searches for resumes of candidates in certain countries or working in certain fields.
The personal details of those candidates were then uploaded to a remote server under the control of the attackers.
"Monster is in the process of reaching out to its entire employer population to mitigate any ongoing issues," officials at the job hunting site said. "In addition, Monster is placing a security alert on the Monster.com site."
PointerCheck out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK's Security Watch blog.