Page last updated at 11:52 GMT, Tuesday, 27 January 2009

Job website hit by major breach

Screenshot from monster.co.uk website
The 4.5m people signed up to monster.co.uk could be affected

Hackers are believed to have stolen the personal details of millions of people using the online job site Monster.

Users around the world have been affected, including the 4.5 million users of the UK site.

If all are affected it would make it the biggest data theft in the UK since the details of 25 million child benefit claimants went missing last year.

The recruitment giant has advised people to change their passwords and be on the lookout for phishing e-mails.

Recruitment sites have proved rich pickings for criminally-minded hackers in the past and it is not the first time Monster has fallen foul of cyber thieves.

In 2007, 1.3 million details were downloaded to servers based in Ukraine.

Phishing danger

Last year the details of 1.6 million jobseekers were stolen and followed by sustained phishing attacks, where people are fooled into installing malware via links in emails.

Monster first revealed that its database had been attacked again on 23 January but has remained tight-lipped about the scale of the attack.

"We recently learned our database was illegally accessed and certain contact and account data were taken," said Monster senior vice president Patrick Manzo in a statement.

He went on to admit that hackers had stolen user names, passwords, telephone numbers and e-mail addresses, alongside demographic data, birth dates, gender and ethnicity.

CVs had not been accessed, he said.

The statement warned people to be on the look-out for phishing e-mails built around the details surrendered to Monster.

"Monster will never send an unsolicited e-mail asking you to confirm your username and password, nor will Monster ask you to download any software tool or access agreement in order to use your Monster account," it read.

Graham Cluley, a senior consultant with security firm Sophos, said hackers armed with details from Monster accounts, could target other online information.

"It is surprising just how many people use the same password for a variety of sites. They need to change all passwords that are the same as that for their Monster login," he said.

Print Sponsor


SEE ALSO
Monster attack steals user data
21 Aug 07 |  Technology
Extent of data losses is revealed
19 Aug 08 |  UK Politics
How firms and fraudsters deal in data
21 Nov 07 |  Technology
Timeline: Child benefits records loss
25 Jun 08 |  UK Politics
Job seekers warned over CV theft
20 Oct 08 |  Business

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites



FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

BBC iD

Sign in

BBC navigation

Copyright © 2016 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Americas Africa Europe Middle East South Asia Asia Pacific