Monster waited five days to disclose data breach

Monster.com took five days to tell users of its website that a security breach resulted in the theft of confidential data from around 1.3 million people, according to an executive of the company.

As reported by IT PRO, Hackers broke into the US online recruitment site's password-protected resume library using credentials stolen from victims using a trojan.

They launched the attack using two servers at a web hosting company in Ukraine and a group of personal computers that the hackers controlled after infecting them with a malicious software program known as Infostealer.Monstres, said Patrick Manzo, vice president of compliance and fraud prevention for Monster.

The company first learned of the problem on 17 August, when investigators with internet security company Symantec told Monster it was under attack, Manzo said.

"In terms of figuring out what the issue was, that was a relatively quick process," he said. "The other issue is you want to make sure exactly what you are dealing with."

His security team spent the weekend investigating, located the rogue servers, and got the Web-hosting company to shut them down some time either late in the evening on 20 August, or early in the morning of 21 August, he said.

Manzo said that based on Monster's review, the information stolen was limited to names, addresses, phone numbers and email addresses, and no other details including bank account numbers were uploaded.

On 21 August, Symantec published a report on its website that said it had found copies of scam e-mails that the engineers of the attack were using, with the aim of getting information that was more valuable than just the names and contact details of Monster.com users.

Pretending to be sent through Monster.com from job recruiters, the emails asked recipients to provide personal financial data, including bank account numbers. They also asked users to click on links that could infect their PCs with malicious software.

Their ultimate goal in taking the data from Monster.com was to gain enough personal information to lower the guards of target victims when they read the emails, said Patrick Martin, a senior product manager with Symantec's response team in Austin, Texas, which first identified the attack.

"It gives these spam emails just a little bit of credibility," Martin said. "These guys were trying to get financial information from people."

It wasn't until Wednesday, a day after Symantec issued the 21 August report, that Monster put a notice on its website warning users they might be the target of email scams.

Monster then announced on Thursday that the details of some 1.3 million job seekers had been stolen. Fewer than 5,000 of those affected are based outside the US, it said in a statement.

A company spokesman said Monster also posted letters to the 1.3 million affected users on Thursday in case the users were wary of opening email from the company after the breach. He said Monster's database has about 73 million resumes.

The security breach comes at a rough time for the company, which in July reported lower-than-expected quarterly earnings.

Chief Executive Sal Iannuzzi, who took the company's helm in April, said on 30 July that he plans to cut 800 jobs, or 15 per cent of Monster's full-time staff, in a bid to improve its financial performance.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.