Recruitment website Monster.com has been hacked for the second time in two years, compromising personal data.
According to a warning published by Monster, data stolen included users’ e-mail addresses, names, phone numbers and some demographic data.
“Customers of both Monster and USAJobs have been placed at serious risk because of this attack,” said Graham Cluley, senior technology consultant at Sophos.
Hackers could also use the email addresses and personal information they have stolen to mount a realistic, but bogus, e-mail campaign to gather more sensitive information from the victims.
“But that’s just the tip of the iceberg. Since so many people use the same password for every website, there’s a good chance the cyber-criminals will be able access users’ bank accounts and other sites,” said Cluley.
The incident follows a similar attack on both sites 18 months ago when hackers stole details of jobseekers via recruiter accounts.
In August 2008, Monster said it had more than five million users, around 40% of the online job seeking population in the UK.
Patrick Manzo, Monster global chief privacy officer, confirmed hackers had taken personal details, but did not include CVs. “Immediately upon learning about this, Monster initiated an investigation and took corrective steps,” he said.
He said the website’s users may soon be required to change password upon logging onto the site. Users could change their own passwords now as a precaution, he said. “We regret any inconvenience this may cause you, but feel it is important that you take these preventive measures.”