Thursday, February 26, 2009

Monster got bit...

Good thing I started job hunting today or I would have never have found this out. Some how I missed this in my downtime between engagements. Looks like Monster.com had a serious security breach. They forced me to change my password and gave other 'just in case' warnings to me.


They say:



As is the case with many companies that maintain large databases of information, Monster is the target of illegal attempts to access and extract information from its database. We recently learned our database was illegally accessed and certain contact and account data were taken, including Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data. The information accessed does not include resumes. Monster does not generally collect – and the accessed information does not include - sensitive data such as social security numbers or personal financial data.



I say: You got hacked.... 'illegally accessed' is like using collateral damage to describe innocent bystanders.


They say:



Are you contacting consumers directly?



Monster elected not to send e-mail notifications to avoid the risk those e-mails would be used as a template for phishing e-mails targeting our job seekers and customers. We believe placing a security notice on our site is the safest and most effective way to reach the broadest audience. As an additional precaution, we will be making mandatory password changes on our site.



I say: "We're hoping people don't notice, but they're going to find out anyway. Oh well!"



I like this one:



What security measures do you have in place?

Monster has made, and will continue to make, a significant investment in enhancing data security, and we believe that Monster’s security measures are as, or more, robust than other sites in our industry.

Monster has a full-time worldwide security team, which constantly monitors for both suspicious behavior on our site and illicit use of information in our database. To maintain the integrity of these security and monitoring systems, we cannot provide further details.


Fat lot of good it did 'em! Ah well, it's not that bad in the end. I mean if you're on Monster.com, you WANT people to find your resume.... Now it just happens faster. Hopefully I'm one of millions of people who were found and I fly below the radar of who ever has the data. Besides, who'd want to be me anyway?

No comments:

Post a Comment