Second Monster hack affects millions

Monster.com has admitted that the number of job seekers on its website who had their personal data stolen is greater than the 1.3 million originally reported.

Sal Iannuzzi, chief executive at the recruitment website, said that the company's investigations into the recent hack found a second attack that had gone undetected.

Iannuzzi admitted that Monster.com had no idea how much information had been taken in the second attack nor how often its database had been accessed.

"We are assuming that it is a large number," he told Reuters. "It could easily be in the millions."

Despite promising to invest US$80m to US$100m in traffic surveillance and security, Iannuzzi admitted that Monster.com may never be safe.

"I want to be clear and I want to be frank: there is no guaranteed fix," he said. "I wish I could say there will be absolutely no way that the Monster site can be compromised. I cannot ever make that promise, and no internet company can."

Monster.com said that the only data that was taken were names, addresses, phone numbers and email addresses.

However, follow-up attacks have already targeted Monster.com job seekers using social engineering techniques to try and gain financial details.

Emails have been sent out pretending to be from recruiters asking for bank account details to complete job applications.

False emails containing links to malicious software that could steal sensitive data have also been sent out.

Monster.com kept the original attack secret for five days before alerting users to the problem.

The company's database holds around 73 million CVs. Iannuzzi claimed that only a few hundred had cancelled their accounts, along with a "handful" of employers.

Copyright ©v3.co.uk