Media_httpi89photobuc_dfxfx

BBC report­ed that the US job site Monster.com got attacked and attack­ers were able to steal hun­dreds of thou­sands of user data. Syman­tec, a pop­u­lar secu­ri­ty firm said that a Tro­jan was used to access the employ­ers’ sec­tion of the web­site using stolen log-in cre­den­tials.

The log-ins were used to har­vest user names, e-mail address­es, home address­es and phone num­bers, which were uploaded to a remote web serv­er. Accord­ing to Syman­tec, this remote serv­er held over 1.6 mil­lion entries with per­son­al infor­ma­tion belong­ing to sev­er­al hun­dred thou­sands of can­di­dates, main­ly based in the US, who had post­ed their resumes to the Monster.com web­site.

Syman­tec said users should always lim­it con­tact infor­ma­tion post­ed to job web­sites and to use a dis­pos­able e-mail address. The secu­ri­ty firm also sug­gest­ed that “nev­er dis­close sen­si­tive details such as your social secu­ri­ty num­ber, pass­port or driver’s license num­bers, bank account infor­ma­tion to prospec­tive employ­ers until you have estab­lished they are legit­i­mate”.

This is why I made it my habit to use dum­my infor­ma­tion on most of the sites that I’m a mem­ber of but I know that the Inter­net new­bies will keep mak­ing the same mis­take of enter­ing cor­rect infor­ma­tion while fill­ing out a site mem­ber­ship form.

Tagged with →  
Share →