user data stolen — again

You’d think that a Monster once bitten would be twice shy.  But even though user information has been stolen from on at least two prior occasions, it has happened yet again.  This time, the data includes user IDs and passwords, as well  as contact information.  Monster does not store Social Security numbers, thankfully.  The last time contact information was stolen from the site, it was used to construct convincing phishing attacks — so beware of all links or attachments in unsolicited emails (as you should always be). 

Monster is recommending that you log in and change your password immediately, in case the thieves have some intention of using the accounts for nefarious purposes.  If you were foolish enough to use the same password for other sites, you might want to change those, too (and use different passwords for each one this time!).

Monster also hosts USAJOBS, “the official job site of the United States Federal Government.”  Data from that site was also stolen.  The federal government has had its own share of computer security issues in the past.   If they were hoping for better security from the private sector, they might have been a tad disappointed here.

This has to be tough for  You might think that with all the newly jobless people looking for work, their business would be booming.  But remember that the service is paid for by employers who are seeking employees, not by those seeking jobs.  So Monster must be feeling pinched between higher volumes of job seekers and lower volumes of sponsors and satisfied customers.  It’s not surprising that analysts are projecting negative growth for the business throughout next year (though still probably turning a profit).

Monster hasn’t released details on the volume of data stolen, or what type of vulnerability was exploited.  Could Monster’s job cuts in 2007 and other cost-cutting measures have left them more vulnerable?  Or is the data they possess such a valuable target that it draws the unyielding attention of the best crackers?

Let’s hope that the third time is the charm, and that Monster gets everything locked down tight this time around.

[via CIO]