Anindya
In the zone
London: Hackers have attacked the world's largest online recruiter and stolen the personal details of thousands of jobseekers thereby exposing them to the risk of blackmail, a security firm has said.
Posing as would-be employers who routinely scour the site for prospective workers, the hackers used a computer programme to access 'Monster.com' and steal users' log-in details, said Symantec, the online security firm which discovered the breach.
In a warning published on its website, Symantec said the logins were used to "harvest user names, e-mail addresses, home addresses and phone numbers, which were uploaded to a remote web server."
"This remote server held over 1.6 million entries with personal information belonging to several hundred thousands of candidates, mainly based in the US, who had posted their resumes to the Monster.com website," said Symantec.
Having stolen the information, the hackers have reportedly e-mailed the victims claiming to have infected their computers with a virus and threatening to delete files unless demands for payment were met.
"We're still investigating. We don't yet know how this information was obtained, other than that it was downloaded using the login details of legitimate customers of ours," Monster.com's Vice-President for Fraud Prevention Patrick W Manzo told London's Times newspaper.
"It seems likely it was done over a period of time, because we would have noticed such a vast quantity of details being taken all in one go," he was quoted as saying.
However, a statement from the company said that it would "take all necessary steps to mitigate the issue, including terminating any account used for illegitimate purposes."
Source
Posing as would-be employers who routinely scour the site for prospective workers, the hackers used a computer programme to access 'Monster.com' and steal users' log-in details, said Symantec, the online security firm which discovered the breach.
In a warning published on its website, Symantec said the logins were used to "harvest user names, e-mail addresses, home addresses and phone numbers, which were uploaded to a remote web server."
"This remote server held over 1.6 million entries with personal information belonging to several hundred thousands of candidates, mainly based in the US, who had posted their resumes to the Monster.com website," said Symantec.
Having stolen the information, the hackers have reportedly e-mailed the victims claiming to have infected their computers with a virus and threatening to delete files unless demands for payment were met.
"We're still investigating. We don't yet know how this information was obtained, other than that it was downloaded using the login details of legitimate customers of ours," Monster.com's Vice-President for Fraud Prevention Patrick W Manzo told London's Times newspaper.
"It seems likely it was done over a period of time, because we would have noticed such a vast quantity of details being taken all in one go," he was quoted as saying.
However, a statement from the company said that it would "take all necessary steps to mitigate the issue, including terminating any account used for illegitimate purposes."
Source