Hackers Steal 1.6 Million Files From Monster.com

Aug. 22, 2007 — -- This weekend, hackers stole 1.6 million files from Monster.com, one of the country's most popular job-searching Web sites, according to a top security company.

Symantec, which produces well-respected anti-virus software that is used worldwide, detected the problem late last week, Patrick Martin, a senior product manager on Symantec's security response team, told ABCNEWS.com.

Thursday, the company found some malicious code.

"We saw that it was doing some interesting things with some information over in Eastern Europe," Martin said. After investigating more, Symantec found that the e-mail addresses and names all had one thing in common — they were stolen from Monster.com.

The hackers' Trojan virus, which used real employer log-ons and passwords to access information, transferred the data from the site to a server in Eastern Europe.

"The attacks started soon after that," Martin said. "Whenever you see malicious code harvesting e-mail addresses, we know what's going to follow — e-mails."

Almost immediately after Symantec detected the problem, Monster.com users whose e-mail addresses had ostensibly been stolen began receiving "phishing" e-mails. These e-mails, according to Martin, claimed to be prospective employers offering a work-from-home job. All that was needed, the e-mails claimed, was access to the user's bank account. The e-mails specifically reference Bank of America accounts as well as Monster.com and CareerBuilder.com, another popular job-search site.

"What they did was a slightly more sophisticated attack than we normally see. All of these e-mails have one thing in common — people who have submitted resumes and are looking for a job," Martin said. "When the user looks at the e-mail — some unknown e-mail that happens to know that they are looking, [they have a] sense of security [and they think,] 'Wow, this must be legitimate.'"

This is "a total money scam, a fraud scam, that's all this is," he said.

Robert Siciliano, a security expert and CEO of IDTheftSecurity.com, said, "I would certainly suggest that those who have done business with Monster need to monitor their credit immediately."

Siciliano suggested checking credit reports as well as investing in credit monitoring services, a paid service that keeps users informed of new activity.

Martin saw the threat to financial security as a serious one as well. He said he believes the hackers won't stop with these particular e-mails.

"We're watching it. We're seeing if there's anything new happening in the spam area," he said.

With the information, hackers could potentially send e-mails with an attachment that senders claim has more information about a position. The attachment, Martin said, is "really a backdoor Trojan."

"You see nothing [when you open the attachment,] but your machine has just been compromised," Martin said. "Pay attention when you're getting these unsolicited e-mails. … Be a little more alert."

Siciliano agreed with Martin, but says that users should go even further when receiving these e-mails.

"The problem with phishing e-mails is that they look so authentic. The best thing for [recipients] to do is to research that communication above and beyond responding to that e-mail," Siciliano said.

He suggested people contact potential employers directly to find out whether the sender has a position at the company.

Beyond "due diligence that may take them an additional five to 10 minutes," Siciliano also suggested that Monster.com users check their credit records, just to be safe.

"I would certainly suggest that those who have done business with Monster need to monitor their credit immediately," he said.

Monster and its parent company did not return repeated calls for comment.