Usernames and passwords may be the largest concern of the Monster.com data breach.
Jason Hart, ethical hacker and Senior VP at CRYPTOCard, claimed that the hack did not surprise him, as there is a vulnerability with cloud storage, and said that ‘people need to take responsibility on the use of cloud services as they use it to store confidential information’.
Hart said: “As an online presence, they are an easy target and getting access to get the data is pretty straightforward. The data that is useful is usernames, passwords and email addresses, and once you have this data saved, this can be used for an attack.
“How many people will use the same user name, email address or password to access their online banking? A lot of banks require just a username and password as a single factor of authentication and if one bank applies that, how many people will be affected?”
Hackers gained access to confidential details provided by approximately 4.5 million people to the online recruitment site, with names, passwords, telephone numbers, email addresses, birth dates, sex and ethnicity data as well as other ‘demographic information’ all stolen, the company admitted.
Monster.com said the stolen data did not contain details of CVs or financial information. “We are taking appropriate law enforcement action,” a spokeswoman said.
Hart concluded: “How is the data stored? What can it be used for? The day we remove static passwords is the day that we are all much more secure.”
See original article on scmagazineuk.com
Bank accounts may be hit after Monster.com hacking
By Dan Raywood on Jan 29, 2009 10:46AM