Monster.com’s database was ransacked by identity thieves who also obtained personal information of 146,000 people who use USAJobs, which is the federal government’s official job search site, according to federal officials.
Monster Worldwide Inc. operates the USAJobs.gov Web site for the Office of Personnel Management (OPM), the independent agency that manages the federal civil service. Like Monster’s commercial sites, USAJobs lets job seekers post resumes and federal agencies post job openings.
Of the two million subscribers to the federal job site, about 146,000 were affected by the heist engineered by Infostealer.Monstres, a Trojan horse that used legitimate log-on credentials stolen from recruiters to sift through the Monster database. According to Monster executives, the Trojan absconded with the names, addresses, e-mail addresses and phone numbers of some 1.3 million people. Although stored in the Monster databases, some of those people were USAJobs users. No Social Security numbers were stolen, the OPM stressed in an alert posted to USAJobs.
“OPM is working with Monster Worldwide to implement a long-term remedy to protect data,” said the agency, which is sending letters to all subscribers warning them of phishing attacks that may use the purloined information. “Be on the alert for fraudulent e-mail that advertises positions managing financial transactions, or cashing cheques,” the agency’s alert said. “These e-mails are attempting to engage job seekers in a money laundering or bad cheque scam.”
The Infostealer.Monstres Trojan has the ability to spew spam to the e-mail addresses it harvested by cranking out targeted phishing messages that spread other malicious software or recruited “money mules” – middlemen who transfer money from a phished bank account to a foreign bank account.
Although the OPM was unavailable for comment Thursday night, earlier in the day, an agency spokesman told the Reuters news service that the government got its first hint of the theft on July 20, when a job seeker reported receiving a phishing message. Although Symantec Corp. researchers notified Monster on Aug. 17 of an apparent data breach, other security researchers had reported individually targeted phishing messages bearing the Monster brand as far back as July 5. Yesterday, Monster’s CEO admitted that the mid-month theft was not the first time the company’s data had been attacked.
Monster Worldwide operates numerous other online job search services and job-hunting sections of sites owned by others. Among the latter, it services the career centre for armed service members’ spouses on Military.com; runs co-branded search services with several newspapers, including the Philadelphia Inquirer; and powers the job search features of federal, state and local governments, including the Los Angeles Police Department. It’s not known whether any additional sites operated by Monster Worldwide were affected by the Infostealer.Monstres data looting.
Monster was not available for comment Thursday night.
Related content:
Canadian police plan global CyberPol centre
Hactivism attacks could rise, warns security expert
ID theft on the rise in Canada, reveals survey