Monster.com shuts down rogue server linked to data theft

Summary:Monster.com has shut down a rogue server that was accessing its database to hijack personal information from about 1.3 million job seekers.

Monster.com shuts down rogue server
Monster.com has shut down a rogue server that was accessing its database to hijack personal information from about 1.3 million job seekers.

In a statement issued today, the company said most of the affected job hunters were based in the U.S.

As previously reported, the information contained on this server was limited to names, addresses, phone numbers and email addresses. Based on Monster's thorough review, no other details, including bank account numbers, were uploaded.

Monster is working closely with the appropriate regulatory agencies and law enforcement authorities on this issue. Currently, the Company is reaching out to impacted individuals to alert them. As part of its communications, Monster is in the process of informing these individuals on the appropriate precautionary steps to protect themselves from any fraudulent emails claiming to be from Monster and asking for personal details.

The Monster.com statement comes on the heels of Symantec's discovery of Infostealer.Monstres, a Trojan horse rigged to steal sensitive information from the compromised computer and targets Monster.com users when they post data online.

According to Symantec's Amado Hildalgo, the rogue server was making connections to hiring.monster.com and recruiter.monster.com, two sub-domains used by recruiters and human resources personnel to search for potential candidates and post jobs to Monster.

[The] Trojan appears to be using the (probably stolen) credentials of a number of recruiters to login to the Web site and perform searches for resumes of candidates located in certain countries or working in certain fields. The Trojan sends HTTP commands to the Monster.com Web site to navigate to the Managed Folders section. It then parses the output from a pop-up window containing the profiles of the candidates that match this recruiter's saved searches.The personal details of those candidates, such as name, surname, email address, country, home address, work/mobile/home phone numbers and resume ID, are then uploaded to a remote server under the control of the attackers.

Topics: Servers

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.