I just read a few articles about the Monster disaster and I am shocked. Different sources report, that 1.3 millions + x individuals data was stolen. Including private information (e.g. email / phone /resume...) as well as financial information. Monster has put up a notice on their site, that includes the following words:
"The Company has determined that this incident is not the first time Monster's database has been the target of criminal activity. Due to the significant amount of uncertainty in determining which individual job seekers may have been impacted, Monster felt that it was in your best interest to take the precautionary steps of reaching out to you and all Monster job seekers regarding this issue. Monster believes illegally downloaded contact information may be used to lure job seekers into opening a 'phishing' email that attempts to acquire financial information or lure job seekers into fraudulent financial transactions. This has been the case in similar attacks on other web sites."
So let's summarize that:
1. The Monster site got "hacked" not only once, but several times.
2. Nobody at Monster noticed the hacks for a while.
3. More than a million individuals private contact info incl. financial information has been illegally downloaded, but Monster has no idea how many exactly.
4. Monster works "in their[users] best interest" and tells them how to prevent phishing attacks.
The statement above is a poor call and I don't wonder why worldwide senior executives jump board over the last few months. Monster screwed up and not their users! The users have done nothing and are certainly aware of what can be done with their data. Phishing is one of the more harmless things I can think of. A few months ago I looked a recruiter with an recruiter Monster account over the shoulder. The recruiter account basically gives full access to any information, that the job seekers posted.
This was not only a scary experience for me, but is also irresponsible from Monster. Nobody in the world should have unlimited and full access to a resume, posting date, private contact info, references... of millions of people. Recruiter or Employer accounts should be...
1. Connected to a certain IP, so if someone steals/hacks the account number, they won't be able to login
2. Should be limited to a certain amount of resume searches per session
3. Should be logged by an internal security/tracking system.
4. Additionally Monster should have an internal mailing system, so email addresses and phone numbers won't have to be made public.