Monster security fiasco – literally

Job warehouse Monster has had an ongoing security nightmare, with hackers infiltrating the database and pilfering usernames, passwords, and email addresses with which to launch phishing attacks.The worst part? Monster doesn’t know how bad the problem is! From an email sent to me this morning (note the bolded portion):

As you may be aware, the Monster resume database was recently the target of malicious activity that involved the illegal downloading of information such as names, addresses, phone numbers, and email addresses for some of our job seekers with resumes posted on Monster sites. Monster responded by conducting a comprehensive review of internal processes and procedures, and notified those job seekers that their contact records had been downloaded illegally.The Company has determined that this was not an isolated incident. Despite ongoing analysis, the scope of this activity is impossible to pinpoint. Monster believes illegally downloaded contact information may be used to lure job seekers into opening a “phishing” email that attempts to acquire sensitive financial information. This has been the case in similar attacks on other websites.

Ouch. Ouch. Ouch.