Morning:
8°c
Hackers steal details of 4.5m in biggest case of cyber theft
Mark Prigg, Technology Correspondent27 Jan 2009
THE personal details of 4.5 million people have been stolen from a recruitment website in Britain's biggest case of cyber theft.
Hackers accessed the confidential information of job seekers registered with Monster.co.uk and now hold electronic copies of their user names, passwords, telephone numbers and email addresses.
Information such as birth dates, gender and ethnicity was also taken, along with "basic demographic data". The victims are mainly professionals.
Monster.co.uk has posted a message on the site advising all customers to change their passwords immediately.
"We regret any inconvenience this may cause you, but feel it is important that you take these preventative measures," the message said.
Experts today warned the data could be used by gangs to open fake bank accounts or take out loans in the names of customers. "It's a horrendous breach," said Graham Cluley of computer security firm Sophos. "These hackers could now use the passwords to access email and online bank accounts. The information they have can be used to cause all kinds of mischief."
It is also feared the hackers will use the information to launch so-called phishing attacks, using the information stolen from Monster to trick users into giving out more details.
"One very real risk is that hackers will use the email addresses and personal information they have received to mount a phishing campaign, attempting to gather more sensitive information about victims," said Mr Cluley.
"Phishing emails which attempt to look more legitimate by using the recipient's real name and other personal information are always more successful."
The Information Commissioner's Office, the privacy watchdog, said that it would investigate the breach.
"The ICO does not hesitate to investigate the most serious cases where sensitive details or large collections of personal information fall into the wrong hands," a spokesman said.
Police on both sides of the Atlantic are also expected to investigate. The Serious Organised Crime Agency said it was aware of the situation.
Monster.com, the site's US owner, said the stolen data did not contain details of CVs or financial information. "We are taking appropriate law enforcement action," a spokeswoman said.
"It is important to know the company continually monitors for any illicit use of information in our database, and so far, we have not detected the misuse of this information."
It is the third time in two years that security at the world's largest recruitment site has been breached.
In August 2007 Monster.com's database was infected by a virus called infostealer.monstres, which siphoned off more than 1.6 million records, mostly of customers based in the US.
A Russian gang was said to be responsible. It was found to be selling "identity harvesting services" to fraudsters.
Reader views (4)
I hadn't used monster in nearly 3 years, thankfully, I'd been so fed up with people using my details to try to sell me things that I removed all pertinent information ages ago.
- Bob, Cheam, 28/01/2009 10:21
Report abuse
It amazes me that companies continue to allow their systems to be infultrated with all the warnings they are given by “professional” companies that can ensure that they are fully protected and that their customers data is fully protected. Why should any one trust this company in the future?
- Mike Melbourne, Bedford England, 28/01/2009 00:28
Report abuse
It's all very well telling us to change our password, the link to their website to do so doesn't work! What are we supposed to do!
- Louisa, Hertfordshire, 27/01/2009 17:35
Report abuse
Second time in 18 months. Why can't they sort this problem out by encrpyting the data so hackers cannot see the data, it will be scrambled. I have changed my password with Monster.co.uk for the second time in 18 months. If the password you use for other log in sites is the same as the one you use for Monster.co.uk then you should change it as well.
- Frank, London, 27/01/2009 16:55
Report abuse
