Monster.com Loses 1.3 Million Names
Cyberthieves broke into the job search site Monster.com’s database and stole the personal data of at least 1.3 million people. According to the USA Today, Monster released a statement saying it had shut down the “rogue server” being used to steal data. Monster said only names, addresses, phone numbers and e-mail addresses were found were stored on the infiltrated server.
To target Monster, thieves put out emails and pop-up adverts pitching job-finding services to get victims to click on a false web link. Clicking popped up in an error message and turned over control of the victim’s computer to the intruder. Infected computers are incorporated into a “zombie” network to spread more email spam, deliver more infections, and steal more data. All of the information typed into the victim’s computer, including user names and passwords for online accounts get collected.
Thieves apparently used stolen data to log into a job recruiter’s Monster account and order contact information for 1.3 million users. The data was used to target the Monster.com users with email scams touting Monster’s services.
David Cole, director of Symantec Security Response team, said “The advice to just stay out of the dark corners of the Internet really doesn't hold water any more. The bad guys are going to legitimate websites and attacking people.”