Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Hackers compromise career web sites

Sophos : 27 January, 2009  (Technical Article)
Monster and USAJobs targeted by hackers who have succeeded in compromising both user names and passwords putting user data at risk
IT security and control firm Sophos is advising all users of careers website Monster.com and USAJobs.gov, the official job site of the US Federal Government, to change their passwords following news that both sites have been the victim of a serious hacking attack which has compromised both and usernames and passwords.

Furthermore, as research has discovered that 41 percent of people use the same password for every website they access, many Monster and USAJobs users are likely to be at risk of their accounts on other websites are at risk of being hacked.

According to a warning published by Monster, other data stolen included users' email addresses, names, phone numbers and some demographic data. The incident follows a similar attack on both sites 18 months ago when hackers used the Monstres Trojan horse to steal details of jobseekers via recruiter accounts. That hack was unsurprisingly followed by a widespread phishing campaign.

'Customers of both Monster and USAJobs have been placed at serious risk because of this attack,' said Graham Cluley, senior technology consultant at Sophos. 'One very real risk is that the hackers will use the email addresses and personal information they have stolen to mount a very realistic phishing campaign to gather more sensitive information from the victims. But, that's just the tip of the iceberg - since so many people use the same password for every website, there's a good chance the cybercriminals will be able access users' bank accounts and other sites.'

Sophos recommends that all users of these sites take steps now to minimise the risks. This should first include changing your password for your Monster and/or USAJobs account, as well as for other websites. Sophos advises that users choose a non-dictionary word that is hard to guess, and use different passwords for different websites.

According to media reports, Monster is not planning to warn its users via email about the security breach, but instead posted an advisory on its website.

'There will be a few raised eyebrows about how Monster is choosing to inform its members of this serious security breach. As the company's database was hacked in what appears to have been a similar attack in 2007, customer confidence in the company may be damaged following this latest incident,' continued Cluley.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo