Monster defends delay in notifying users of data breach

Online job service says it wanted to launch its own investigation to verify the breach before notifying job seekers who had been affected.

Patrick Manzo, Monster Worldwide's vice president of compliance and fraud prevention, said today that the company is now notifying all users in its active job-seeker database that their information may have been compromised.

This announcement comes one day after Monster's CEO Sal Iannuzzi admitted the theft of contact information for job seekers in Monster's database may have been much greater than the 1.3 million individuals reported earlier this month.

Monster said it learned of the break-in when it was notified by security vendor Symantec, and that it wanted to run its own investigation to verify the breach before notifying the job seekers who had been affected, Manzo said. He added that it would have been "irresponsible" for Monster to contact its job seekers without first verifying the information Symantec had provided.

In mid-August the Infostealer.Monstres Trojan horse was used in e-mails to Monster.com subscribers; the e-mails pretended to be from a potential employer. According to Symantec, subject lines included "(a person's real name), Monster.com suggests You the new job for you" and "(realname), Monster.com have the new job for you." The offers included a $500 signing bonus, the ability to work from home, and a promise of very few working hours.

The e-mail contained a link or an attached file which, when executed, installed the Prg Trojan on the victim's computer. From then on, any personal information typed on the compromised computer was relayed to servers in Asia. As part of the bogus job application, prospective employees were asked to provide Social Security numbers and bank account information.

Prg installs a back-door proxy server that listens for connections on port 6081. Port 6081 is not assigned to any legitimate service, so if something on your computer is listening on port 6081, and there is traffic on that port, you may be infected. SecureWorks notes that some victims who removed the Trojan with commercial antivirus software later revisited the same compromised job sites and so risked being infected with another variant of the same Trojan.
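The port-6081 heuristic above is easy to turn into a check. The script below is an added example, not code from the article, Symantec or SecureWorks: it parses Windows `netstat -ano` output (a constructed sample is embedded; the PID 2716 in it is hypothetical), flags any listener on the port or any established connection involving it, and offers a live loopback probe. It assumes the proxy listens on TCP, as a proxy would, and that `PRG_PORT` is 6081 as the article states.

```python
import socket
from typing import Dict, List, Set

# Port the article attributes to the Prg back-door proxy (assumed TCP).
PRG_PORT = 6081

# Constructed sample in the layout of Windows `netstat -ano`; it is NOT a real
# capture from an infected machine. PID 2716 is the hypothetical suspect.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:6081           0.0.0.0:0              LISTENING       2716
  TCP    192.168.1.5:6081       203.0.113.7:52144      ESTABLISHED     2716
  TCP    192.168.1.5:49872      93.184.216.34:443      ESTABLISHED     4040
  UDP    0.0.0.0:5355           *:*                                    1188
"""


def _split_endpoint(endpoint: str):
    """Split 'addr:port' into (addr, port or None); handles '*:*' and '[::]:80'."""
    addr, _, port = endpoint.rpartition(":")
    return addr, (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> List[Dict]:
    """Parse `netstat -ano` style lines into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("TCP", "UDP"):
            continue
        # TCP rows carry a State column; UDP rows on Windows omit it.
        if len(tokens) == 5:
            proto, local, foreign, state, pid = tokens
        elif len(tokens) == 4:
            proto, local, foreign, pid = tokens
            state = ""
        else:
            continue
        laddr, lport = _split_endpoint(local)
        faddr, fport = _split_endpoint(foreign)
        rows.append({"proto": proto, "laddr": laddr, "lport": lport,
                     "faddr": faddr, "fport": fport, "state": state, "pid": pid})
    return rows


def find_port_activity(rows: List[Dict], port: int = PRG_PORT) -> List[Dict]:
    """Rows where `port` is a local listener, or an established connection touches it.

    A LISTENING socket means some process on this host is serving the port; an
    ESTABLISHED row is the 'traffic on that port' the article mentions.
    """
    hits = []
    for r in rows:
        if r["proto"] != "TCP":
            continue
        if r["lport"] == port and r["state"] == "LISTENING":
            hits.append(r)
        elif port in (r["lport"], r["fport"]) and r["state"] == "ESTABLISHED":
            hits.append(r)
    return hits


def suspect_pids(rows: List[Dict], port: int = PRG_PORT) -> Set[str]:
    """PIDs worth inspecting next (for example with `tasklist /FI "PID eq <pid>"`)."""
    return {r["pid"] for r in find_port_activity(rows, port)}


def probe_local_port(port: int = PRG_PORT, host: str = "127.0.0.1",
                     timeout: float = 0.5) -> bool:
    """Live check: True if something on this host accepts TCP connections on `port`.

    This only proves a listener exists, not what it is, and a listener bound to a
    single non-loopback interface would be missed, so pair it with the netstat parse.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    for hit in find_port_activity(rows):
        print(f"{hit['proto']} {hit['laddr']}:{hit['lport']} -> "
              f"{hit['faddr']}:{hit['fport']} {hit['state']} pid={hit['pid']}")
    print("suspect PIDs:", sorted(suspect_pids(rows)))
    print(f"live listener on {PRG_PORT}/tcp at 127.0.0.1:", probe_local_port())
```

Two caveats a practitioner should keep in mind: an unassigned port is not a reserved one, so a legitimate application may use 6081, and a Trojan variant can be rebuilt to listen elsewhere. Treat a hit as a lead to examine the owning process, not as proof of infection.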

In mid-August, Don Jackson and Joe Stewart, two security researchers at SecureWorks, identified a server in Asia containing one of the largest caches of stolen data attributed to the Prg Trojan. The data on the server included bank and credit card information, Social Security numbers, online payment account user names and passwords.

Monster's Manzo stressed that the information in the Monster Worldwide database is similar to what is found on a business card: name, phone numbers and e-mail addresses, but no financial information or Social Security numbers.

Monster is beefing up its ability to monitor traffic on its Web site, tightening access controls and policies, and improving privacy protections for job-seeker information, Manzo said. One step it has already taken is asking employers who use the site to choose stronger passwords.

News.com's Dawn Kawamoto contributed to this blog.

About the author

As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
