Hackers penetrate UK job site
- From: UltraLazarus <ultralazarus2@xxxxxxxxxxx>
- Date: Mon, 26 Jan 2009 19:11:52 -0800 (PST)
Hackers steal details of 4.5 million in attack on Monster jobs site
(monster.co.uk)
About four out of ten people use the same password to access multiple
websites
Alexi Mostrous
The personal details of millions of job seekers have been stolen in
the largest data theft in Britain, The Times has learnt.
Hackers gained access to confidential details provided by 4.5 million
people to Monster.co.uk, the online recruitment site.
Names, passwords, telephone numbers, e-mail addresses, birth dates,
sex and ethnicity data as well as other “demographic information”,
were all stolen, the company admitted yesterday.
It is the most extensive breach of confidential data since HM Revenue
and Customs lost the details of 25 million child benefit recipients in
2007.
Related Links
Wikipedia calls for pre-approval of changes
Music pirates will not be disconnected
Nintendo 'no better than pencil and paper'
The victims are mainly professional staff who are seeking work in the
economic downturn. Registrations at the site, which allows employers
to browse thousands of CVs online, have soared as redundancies have
risen.
Monster.com refused to comment on how much information had been taken
but The Times understands that the personal details of millions of
people can be downloaded in under an hour once a hacker has gained
access.
Security analysts told The Times that the plundered data from the
recruitment site would be used by organised gangs to open fake bank
accounts or take out loans in the names of unsuspecting customers.
Monster.co.uk has posted a message on the site advising all customers
to change their passwords immediately.
“It’s a horrendous breach,” said Graham Cluley, of Sophos, an IT
security firm. “The information they have can be used to cause all
kinds of mischief.”
About four out of ten people use the same password to access multiple
websites, Mr Cluley said, meaning that criminals could use the
Monster.co.uk data to obtain far more sensitive information. “These
hackers could now use the passwords to access e-mail and online bank
accounts.”
Police on both sides of the Atlantic are expected to investigate the
breach. The Serious Organised Crime Agency said it was aware of the
situation but refused to confirm if it was investigating the website.
Companies that advertise with Monster.co.uk, the British arm of the
American-based global website, expressed outrage yesterday.
A spokesman for Britannia Building Society, which advertises vacancies
on the site, said: “We will be seeking assurances from them about the
credibility and reliability of the site, as we take the security of
personal information of potential applicants very seriously.”
The Information Commissioner’s Office (ICO), the privacy watchdog,
said last night that it would look into the breach.
“The ICO does not hesitate to investigate the most serious cases where
sensitive details or large collections of personal information fall
into the wrong hands,” a spokesman said.
It is the third time in two years that security at the world’s largest
recruitment site has been breached.
In August 2007 Monster.com’s data-base was infected by a virus called
infostealer.monstres, which siphoned off more than 1.6 million
records, mostly of customers based in the US.
A Russian gang called Phreak was said to be responsible. It was found
to be selling “identity harvesting services” to fraudsters, charging
£300 for data.
Yesterday Monster.com said the stolen data did not contain details of
CVs or financial information. “We are taking appropriate law
enforcement action,” a spokeswoman said.
.
- Prev by Date: Warner Music Group Sucks
- Next by Date: UK Job Losses Hit 50,000 This Year
- Previous by thread: Warner Music Group Sucks
- Next by thread: ICM Poll- Tories Regain Lost Ground On Brown
- Index(es):
Relevant Pages
|
