Safety Precautions for Monster.com Users after Hack Attack

Monster.com announced on Friday that its database was illegally accessed, and that crooks lifted user data including "Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data." The attack extended to the USAJobs federal site (usajobs.opm.gov), as Monster.com is a technology provider for that site.

The last time this kind of data was stolen from Monster.com, the information was used to send phishing e-mails and distribute malware. Crooks know they'll stand a better chance of tricking people with a fake e-mail using social engineering, such as sending Monster.com users an e-mail that contains Monster.com data and is spoofed to look as if it comes from the jobs site.

So if you have used Monster.com or the USAJobs site, be especially wary about e-mails that appear to come from either site. Last time around the malicious messages used subjects such as "Monster customer service: important notice" or "Monster customer service: please confirm your data!" according to the above-linked story from SC Magazine.

Also, if you used the same password for your Webmail or other accounts that you use for either jobs site, be aware that the thieves might very well try that password to break into your e-mail accounts. They might then send out bogus e-mails to your contact list asking for money, or hunt for messages that contain financial data. So be sure to change the password on other sites if it matched your Monster site login.

According to security company Sophos, Monster.com may not be alerting users via e-mail. So if you know someone who uses the site, point him or her towards the Monster.com alert and that from USAJobs.

Subscribe to the Security Watch Newsletter

Comments