OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] world: Monster.com job-seeker database infiltrated, personal data taken

From: dano (danowell.com)
Date: Fri Aug 24 2007 - 09:56:24 CDT


Note that no numbers are given here. Early reports on business news
speculate "millions could be affected".

<http://help.monster.com/besafe/email/>

  Security Notice

Monster is continuing to actively investigate and take measures to
address the impact of malicious software, called
Infostealer.Monstres, on our resume database. We are currently
analyzing the number of job seekers who may have been affected by
this software, and will be contacting them as appropriate.

Fortunately, we have been able to identify and shut down the source
of the software. By gaining unauthorized access to employer accounts,
the software was obtaining job seeker contact information. The
information obtained was limited to the names, addresses, phone
numbers and email addresses of job seekers primarily located in the
United States.

The purpose of gathering this information appears to be sending email
disguised as Monster in order to gain recipients' trust, and then
attempting to convince users to engage in financial transactions, or
lure them into downloading malicious software.

Protecting our users from fraudulent activity is one of Monster's top
priorities. Regrettably, opportunistic criminals are increasingly
using the Internet for illegitimate purposes. This problem spans the
Web, particularly websites that receive heavy traffic and serve a
variety of users across the globe.

Monster understands the importance of protecting your personal
information, and values the trust that you place in us. We are
committed to utilizing all of our available resources to remedy this
situation and protect your account information. We will continue to
share information and updates on this situation as available.

If you think you have received an email that may be fraudulent,
please contact us immediately. If you have clicked on a link in this
email, we highly recommend that you run an anti-virus application to
remove anything that may have been installed on your computer, and
contact a Monster Representative to have your Monster account
password changed.

If you receive any email that asks you to download a tool or update
your account or access agreement, contact us to verify its legitimacy
first.

For further information on avoiding email fraud and keeping your
Internet experience secure, please see below.
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml