Monster Still Dealing With Massive Security Breach


August 24, 2007
Monster’s recent beast of a data breach is raising more questions about the security of Internet job searching. The incident, in which the contact information of more than 1 million job seekers was swiped and may have been used to blackmail individuals, also is a reminder that employment-related data can be vulnerable to identity thieves.

Jim Hammock, co-founder of recruiting site, says the data breach amounts to an indictment of the traditional Internet job board model, where candidates post resumes with personal information to sites like Monster. Hammock says his site allows job seekers to remain anonymous, with resumes passed directly from job seekers to employers if a match seems promising.

Employers who use Monster’s database to search for candidates and then store the results, including candidate personal data intended only for the employer, are partially to blame for the identity theft, Hammock says.

“They put the candidates at risk to hackers,” he says.

Monster Worldwide, the parent company of Monster, did not respond to a request for comment.

A week ago, computer security firm Symantec announced that a piece of malicious software known as a “Trojan” had been accessing Monster’s resume database and uploading data to a remote computer. Symantec said the Trojan appeared to be using the credentials, likely stolen, of a number of recruiters to log in to the Web site and search for resumes. The malicious software then parsed the profiles of candidates matching a recruiter’s saved searches, according to Symantec.

Personal details of those candidates, such as name, e-mail address, home address and phone numbers are then uploaded to the remote computer under the control of the attackers, Symantec said.
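What Symantec describes is abuse of legitimate recruiter logins rather than a break-in, so the check a job board (or any site that exposes a search interface to credentialed partners) most wants is behavioural: does an account pull far more records, far faster, or from more places than a human recruiter would? The Python below is an added example, not code from the article, Monster or Symantec; its log format, account names, thresholds and sample lines are all constructed for illustration.

```python
"""Flag recruiter accounts whose resume-search activity looks automated.

Added example, not code from the article or from Monster/Symantec. The log
format, thresholds and account names are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def _constructed_log():
    """Constructed sample lines in an assumed format:
         <ISO timestamp> <recruiter_id> <source_ip> <action> <target_id>
    "r-ann" behaves like a human recruiter; "r-bob" behaves like the Trojan
    in the article: a stolen login pulling every candidate that matches a
    saved search, as fast as the site will answer.
    """
    base = datetime(2007, 8, 17, 9, 0, 0)
    lines = []
    for i in range(6):  # six views spread over two hours, one IP
        t = base + timedelta(minutes=20 * i)
        lines.append(f"{t.isoformat()} r-ann 203.0.113.7 view_resume c{i}")
    lines.append(f"{(base + timedelta(minutes=1)).isoformat()} "
                 "r-bob 192.0.2.44 run_saved_search s7")
    for i in range(40):  # forty views in under ten minutes, two IPs
        t = base + timedelta(seconds=15 * i)
        ip = "198.51.100.9" if i % 2 else "192.0.2.44"
        lines.append(f"{t.isoformat()} r-bob {ip} view_resume c{100 + i}")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, recruiter, ip, action, target)."""
    ts, recruiter, ip, action, target = line.split()
    return datetime.fromisoformat(ts), recruiter, ip, action, target


def peak_views_in_window(times, window):
    """Largest number of events falling inside any span of length `window`.

    Two-pointer sweep over the sorted timestamps: `start` trails `end` so
    that times[start]..times[end] always fit in the window.
    """
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def find_scraping_accounts(lines, window=timedelta(minutes=10),
                           max_views=20, max_ips=1):
    """Return {recruiter: [reasons]} for accounts that exceed the thresholds.

    Two signals, each a thin proxy for "not a person at a keyboard":
      * more resume-detail views inside one window than a human could read;
      * one login used from more source addresses than expected.
    """
    views = defaultdict(list)   # recruiter -> timestamps of view_resume
    ips = defaultdict(set)      # recruiter -> source IPs seen
    for line in lines:
        ts, recruiter, ip, action, _ = parse_line(line)
        ips[recruiter].add(ip)
        if action == "view_resume":
            views[recruiter].append(ts)

    flagged = {}
    for recruiter in sorted(set(views) | set(ips)):
        reasons = []
        peak = peak_views_in_window(views[recruiter], window)
        if peak > max_views:
            reasons.append(f"{peak} resume views within {window}")
        if len(ips[recruiter]) > max_ips:
            reasons.append(f"used from {len(ips[recruiter])} source IPs")
        if reasons:
            flagged[recruiter] = reasons
    return flagged


if __name__ == "__main__":
    for who, why in find_scraping_accounts(_constructed_log()).items():
        print(who, "->", "; ".join(why))
```

The thresholds are placeholders; in practice they come from each account’s own history, since a large agency sharing one login will legitimately exceed numbers that would be damning for a single recruiter. The point is that the response to a hit (rate limiting, forcing re-authentication, or suspending the saved-search feed) can be applied at the account level without waiting for anyone to notice a rogue server.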

In addition, Symantec described another piece of malicious software reportedly used in “phishing” e-mails, which are phony messages that attempt to trick recipients. Symantec said the phony messages requested that the recipient download a “Monster Job Seeker Tool,” which in fact was a copy of malicious software called “Trojan.Gpcoder.E.”

“This Trojan will encrypt files in the affected computer and leaves a text file requesting money to be paid to the attackers in order to decrypt the files,” Symantec wrote. The code for Gpcoder is “rather similar” to that of the Trojan code designed to siphon data from Monster’s system, “which may indicate the same hacker group is behind both Trojans,” Symantec wrote.

In statements this week, Monster said the contact information of approximately 1.3 million job seekers was contained on the rogue computer server, that the information on the computer was limited to names, addresses, phone numbers and e-mail addresses, and that Monster had shut down the computer.

“The purpose of gathering this information appears to be sending e-mail disguised as Monster in order to gain recipients' trust, and then attempting to convince users to engage in financial transactions, or lure them into downloading malicious software,” Monster said in a security notice on its Web site.

“The company is committed to utilizing all of its available resources to remedy the situation and to protect the data provided to us by job seekers,” Monster Worldwide said in a statement. “The company values these relationships and the trust that employers and job seekers place in Monster.”

But employers and job seekers have had reason to question the safety of online job-searching. Concerns have included work-at-home scams and phishing e-mails seeking personal identification and account information. 

Much of the public attention to identity theft has focused on problems at financial institutions. But employment information has been a nagging worry as well, with significant data breaches in recent years at organizations including the U.S. Department of Veterans Affairs.

—Ed Frauenheim