Skip to main content
BBC NEWS / TECHNOLOGY
Graphics VersionBBC Sport Home
News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia | UK | Business | Health | Science & Environment | Technology | Entertainment | Also in the news | Have Your Say |
11:52 GMT, Tuesday, 27 January 2009

Job website hit by major breach

Screenshot from monster.co.uk website

Hackers are believed to have stolen the personal details of millions of people using the online job site Monster.

Users around the world have been affected, including the 4.5 million users of the UK site.

If all are affected it would make it the biggest data theft in the UK since the details of 25 million child benefit claimants went missing last year.

The recruitment giant has advised people to change their passwords and be on the lookout for phishing e-mails.

Recruitment sites have proved rich pickings for criminally-minded hackers in the past and it is not the first time Monster has fallen foul of cyber thieves.

In 2007, 1.3 million details were downloaded to servers based in Ukraine.

Phishing danger

Last year the details of 1.6 million jobseekers were stolen and followed by sustained phishing attacks, where people are fooled into installing malware via links in emails.

Monster first revealed that its database had been attacked again on 23 January but has remained tight-lipped about the scale of the attack.

"We recently learned our database was illegally accessed and certain contact and account data were taken," said Monster senior vice president Patrick Manzo in a statement.

He went on to admit that hackers had stolen user names, passwords, telephone numbers and e-mail addresses, alongside demographic data, birth dates, gender and ethnicity.

CVs had not been accessed, he said.

The statement warned people to be on the look-out for phishing e-mails built around the details surrendered to Monster.

"Monster will never send an unsolicited e-mail asking you to confirm your username and password, nor will Monster ask you to download any software tool or access agreement in order to use your Monster account," it read.

Graham Cluley, a senior consultant with security firm Sophos, said hackers armed with details from Monster accounts, could target other online information.

"It is surprising just how many people use the same password for a variety of sites. They need to change all passwords that are the same as that for their Monster login," he said.


E-mail this to a friend
Related to this story:
Monster attack steals user data (21 Aug 07 |  Technology )
Extent of data losses is revealed (19 Aug 08 |  UK Politics )
How firms and fraudsters deal in data (21 Nov 07 |  Technology )
Timeline: Child benefits records loss (25 Jun 08 |  UK Politics )
Job seekers warned over CV theft (20 Oct 08 |  Business )

RELATED INTERNET LINKS
Statement from Monster
Monster
Sophos
The BBC is not responsible for the content of external internet sites


SEARCH BBC NEWS: 
News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia | UK | Business | Health | Science & Environment | Technology | Entertainment | Also in the news | Have Your Say |

NewsWatch | Notes | Contact us | About BBC News | Profiles | History

^ Back to top | BBC Sport Home | BBC Homepage | Contact us | Help | ©