Cyber Crooks Crack Monster Codes

Monster.com, the world’s largest online recruiter has been victimized by cyber crooks who hacked the site, pinching records of several hundred thousand job seekers. Secretly, the hackers obtained recruiters’ logon passwords to access resumes on the job search Web site.

After doing so, the hackers, sent e-mails to the victims asking recipients to download a fake "Monster Job Seeker Tool," which is actually a copy of a Trojan horse. Such e-mails that are used to trick people into installing malicious software on their computers are known as ‘phishing’ emails.

“This Trojan encrypts files in the affected computer and leaves a text file requesting money to be paid to the attackers in order to decrypt the files,” said Symantec Corp. security analyst Amada Hidalgo, who exposed the breach of Monster’s site.

According to Symantec such a large database of personal information was a spammer's dream.

A specially-designed computer program was used to access the company's website using employers' log-in details, giving admittance to the personal details of a vast number of job candidates. Symantec was astounded to how simply was the access gained.

Monster however, insisted that the personal details were just 'generic contact information.'

Patrick W Manzo, vice president of compliance and fraud prevention at Monster, said, “To the best of our knowledge, this is not a hack of Monster's security, rather, legitimate customer credentials are being used to log in to the database.”

Monster, that holds 73 million resumes globally, was still analyzing the stolen files yesterday. The victims are mostly from the U.S. It could not be determined if UK users of the website were affected.

The New York based company said; the incident may prompt it to reassess how recruiters and companies are able to access the site.