Personal info on 150,000 job seekers at USAJobs stolen
Nearly 150,000 identities belonging to users of USAJobs stolen in Monster attack
Computerworld - The identity thieves who ransacked Monster.com's database also made off with the personal information of 146,000 people who use USAJobs, the federal government's official job search site, federal officials said today.
Monster Worldwide Inc. operates the USAJobs.gov Web site for the Office of Personnel Management (OPM), the independent agency that manages the federal civil service. Like Monster's commercial sites, USAJobs lets job seekers post resumes and federal agencies post job openings.
Of the 2 million subscribers to the federal job site, about 146,000 were affected by the heist engineered by Infostealer.Monstres, a Trojan horse that used legitimate log-on credentials stolen from recruiters to sift through the Monster database. According to Monster executives, the Trojan absconded with the names, addresses, e-mail addresses and phone numbers of some 1.3 million people. Although stored in the Monster databases, some of those people were USAJobs users. No Social Security numbers were stolen, the OPM stressed in an alert posted to USAJobs.
"OPM is working with Monster Worldwide to implement a long-term remedy to protect data," said the agency, which is sending letters to all subscribers warning them of phishing attacks that may use the purloined information. "Be on the alert for fraudulent e-mail that advertises positions managing financial transactions, or cashing checks," the agency's alert said. "These e-mails are attempting to engage job seekers in a money laundering or bad check scam."
The Infostealer.Monstres Trojan has the ability to spew spam to the e-mail addresses it harvested by cranking out targeted phishing messages that spread other malicious software or recruited "money mules" -- middlemen who transfer money from a phished bank account to a foreign bank account.
Although the OPM was unavailable for comment Thursday night, earlier in the day, an agency spokesman told the Reuters news service that the government got its first hint of the theft on July 20, when a job seeker reported receiving a phishing message. Although Symantec Corp. researchers notified Monster on Aug. 17 of an apparent data breach, other security researchers had reported individually targeted phishing messages bearing the Monster brand as far back as July 5. Yesterday, Monster's CEO admitted that the mid-month theft was not the first time the company's data had been attacked.
Monster Worldwide operates numerous other online job search services and job-hunting sections of sites owned by others. Among the latter, it services the career center for armed service members' spouses on Military.com; runs co-branded search services with several newspapers, including the Philadelphia Inquirer; and powers the job search features of federal, state and local governments, including the Los Angeles Police Department. It's not known whether any additional sites operated by Monster Worldwide were affected by the Infostealer.Monstres data looting.
Monster was not available for comment Thursday night.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Cybercrime and Hacking White Papers | Webcasts