Last Friday, the job hunting website Monster.com announced a data breach:
We recently learned our database was illegally accessed and certain contact and account data were taken, including Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data.
The appropriate and traditional way to handle an intrusion like this is to notify all customers and require each account password to be changed. However, Monster’s taken the irresponsible, insufficient path of linking a “Security Notice” from their sidebar below the fold without requiring password changes.
This post serves two purposes: First, if you’ve ever used Monster, I suggest you change your password ASAP. Second, and more importantly, it’s probably safe to assume mishaps and intrusions like these will continue amongst a wide array of online services – so, as inconvenient as it may be, employ as many unique passwords as you can during your web travels.
I also find it amusing their URL contains “be safe” … as the entity responsible for letting our data go. How about you “be secure” instead? ;)
And to my friends at jkOTR and Mari, please be selective when signing in to sites/services from those public WiFi hotspots. At the very least make sure the site’s got SSL and any sensitive emails/IMs aren’t sent in the clear.
Thanks for the heads-up. I just changed my Monster password now.
I can say from firsthand experience that “customer first” is not the motto at monster.com. I used to get inundated with recruiters from all over the country, get rich quick schemes, and tons of start your own business ads, over and over again from the same companies. Despite my repeated attempts to get monster.com, they continued pouring in for months. I finally created a dummy gmail account, updated my account info, then closed the gmail account.
It’s actually worse than I thought. Monster.com provides services for USAJobs.com, the official government job site. Wonder if they notified all registrants of their sub-site. I can’t recall if I’m registered or not.
Frank, I’ve always kept my resume(s) private pretty much since using them way back during the first tech bubble, so I wouldn’t be inundated like that. Related, I’m still not sure how LinkedIn works – I get random inquiries now and then.