Monster.com, the online job search engine, recently reported that its member database was breached. According to company officials, account data including user ID's, passwords, e-mail addresses, names, phone numbers and demographic data was stolen. This was not the first time the company was breached. In August of 2007, the company reported the theft of 1.3 million accounts.
At that time, the company promised to "institute a comprehensive set of new systems and processes designed to enhance existing security and minimize such threats in the future."
On the bright side, no sensitive data was stolen, since Monster does not capture or store anything like Social Security numbers or financial information. In addition, no resumes were taken in the theft. Monster does recommend that all users change their passwords. If you have an account with Monster, the next time you try and login, you will be prompted to change your password. An e-mail will be sent to you with a one-time password enclosed. You then have to login with the one-time password and change it according to Monster password standards.
I think what is really sad here is the fact that so many people that are unemployed right now are using job search sites like Monster and could be targeted by phishers because of this data breach. This is a very difficult time to be unemployed. The economy is spiriling down, companies are laying off employees by the tens of thousands, and now unemployed workers have to contend with their account data being stolen and possible Internet fraud.
I am very disappointed with Monster. I was under the impression that a company like Monster had a good security program in place. I guess I was wrong.