A computer security analyst says he has uncovered a major breach on the popular jobseeker site Monster.com, potentially exposing hundreds of thousands of people to identity theft.
Amado Hidalgo of Symantec says hackers used a Trojan, called Infostealer.Monstres, to get access to personal information on 1.6 million resumes.
Hidalgo said the Trojan appears to be using the credentials of a number of recruiters to log in to the Web site and perform searches for resumes of candidates located in certain countries or working in certain fields.
The Trojan sends commands to the Monster.com Web site to navigate to the managed folders section. It then captures the output from a pop-up window containing the profiles of the candidates that match this recruiter's saved searches.
The candidates' personal details, such as name, surname, email address, country, home address, work/mobile/home phone numbers and resume ID, are then uploaded to a remote server under the control of the attackers.
This remote server held over 1.6 million entries with personal information belonging to several hundred thousand candidates, mainly based in the US, who had posted their resumes to the Monster.com Web site, Hidalgo wrote in his Web log.
Such a large database of highly personal information is a spammer's dream. In fact, we found the Trojan can be instructed to send spam email using a mail template downloadable from the command & control server.
Hidalgo said Symantec has informed Monster.com of the compromised recruiter accounts so they can be disabled.
What To Do
To protect your identity when using recruitment sites, or at least limit your exposure to identity theft, Hidalgo says jobseekers should limit the contact information posted on these sites, use a separate disposable email address, and never disclose sensitive details such as Social Security number, passport or driver's license numbers, or bank account information until it has been established that the employer is legitimate.