Second attack on Monster website discovered
Investigations into data breach uncover second attack on job website.
The attack on job website Monster.com has left more than 1.3 million users of the site open to identity theft. Monster's chief executive admitted that a second hack of the site went unnoticed.
Sal Iannuzzi said that further investigations by the company unearthed the second hit and said that the company had no idea how much information had been taken during the cyber onslaught or how many times the database had been accessed by criminals.
"We are assuming that it is a large number," he told Reuters. "It could easily be in the millions."
The company is promising to invest £40 to £50 million in traffic monitoring equipment to detect such breaches, but admitted that the website may never be safe.
"I want to be clear and I want to be frank: there is no guaranteed fix," Iannuzzi said. "I wish I could say there will be absolutely no way that the Monster site can be compromised. I cannot ever make that promise, and no internet company can."
While the information stolen from the site can't be used to siphon off money from victims it can be used in social engineering scams in order to get such sensitive financial information directly from the victim.
There have already been cases reported on the internet of phishing gangs sending out emails pretending to be recruitment companies asking for bank details within fake job application forms. The false emails also harbour malware designed to compromise a victim's computer and turn it into part of a botnet.
As reported by IT PRO, Monster had known about the attack five days before it went public with the breach. Around 73 million CVs are held on the website's database, but Iannuzzi claimed that only a handful of accounts were cancelled by users and employers.
Reproduced from an article published by IT Pro
© IT Pro
The original article can be viewed here:
http://www.itpro.co.uk/security/news/123726/second-attack-on-monster-websit...
Permalink Bookmark Digg this story
