Monster upgrades its security following data breach

In an interview Wednesday with news agency Reuters, Sal Iannuzzi, chairman and chief executive officer of the popular job recruitment website said the company plans to upgrade traffic monitoring solutions, boost its security staff and further educate end-users.

Monster will pull funds from an expected US$80 to US$100 million technology investment it announced last month, he said.

Joel Rosen, CEO of data security firm Tizor, said Monster is taking the right technology approach.

"History has shown there's no way to make perimeters hacker-proof," he told SCMagazine.com. "It's about how the data is being used. You need to watch the way the data is being used. It's fundamentally about visibility."

Since the compromise – in which hackers used stolen login credentials to gain access to the site and then spread a trojan to capture names, email addresses and telephone numbers of job seekers – about 200 to 300 seekers and a "handful" of employers have canceled their accounts, Iannuzzi said.

The hackers used the stolen information to deliver spear phishing emails to job seekers, claiming to come from Monster. The emails either requested financial details or recruited recipients to join scams.

Security experts have told SCMagazine.com that these multi-stage attacks could become more common in the future.

Meanwhile, in a letter to customers posted on the site, Iannuzzi said this may not be the first time Monster’s database has been targeted by criminals.

"As is the case with many companies that maintain large databases of information, Monster is from time to time subject to attempts to illegally extract information from its database," he said.

The remote server hosting the stolen records in this case has been taken offline.

breachdatafollowingitsmonstersecurityupgrades