Network News

X My Profile
View More Activity Breach May Preface Targeted Attacks

Job search giant quietly disclosed this week that its user database was illegally accessed, resulting in the theft of an unspecified number of Monster user IDs and passwords, names, phone numbers and e-mail addresses.

The company said it opted not to notify users by e-mail out of concern that those messages would be "used as a template for phishing e-mails targeting our job seekers and customers."

"We believe placing a security notice on our site is the safest and most effective way to reach the broadest audience," the company said in a statement posted on its homepage. "As an additional precaution, we will be making mandatory password changes on our site."

In 2007, a Trojan horse program that anti-virus giant Symantec Corp. named Infostealer.Monstres began using hijacked employer accounts to hoover up data on users, ultimately gathering information on roughly 1.6 million users.

Not long after that, scam artists began sending targeted e-mails to users that addressed them by name, in a bid to siphon personal and financial data from recipients.

It is not clear how many accounts may have been compromised, but The Times of London reports that hackers had gained access to as many as 4.5 million user accounts.

By Brian Krebs  |  January 27, 2009; 10:30 AM ET
Categories:  Fraud , Latest Warnings , Safety Tips , Web Fraud 2.0  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: When Cyber Criminals Eat Their Own
Next: Security Fix Pop Quiz, Reality-Show Style


One wonders what it is going to take for corporate entities to start taking information security seriously. I also find their excuse for not notify their customers to be suspect at very best. That sounds like an interesting test case for a class action lawsuit.

Thanks goes to Brain Krebs for giving this issue a wider audience. I have an account with and didn’t know anything about this until Brian’s article. Now I am off to go delete my account.

Posted by: Cerberus1 | January 27, 2009 11:52 AM | Report abuse

Hi Brian,

I'm getting an odd entry in your RSS feed for this column from

You've trained me to be suspicious of unexpected websites showing up places, trying to get you to visit something nefarious. Is something amiss or is this WP advertising oddly added to the RSS feed?


Posted by: josef2 | January 27, 2009 12:10 PM | Report abuse

josef2, along those lines, I've noticed that there's some sort of spammer trying to insert fake blog entries over in the sports blogs. They don't show up within the blogs themselves, just in the list of latest blog entries as "Presented by". I'm guessing that's what you're seeing.

Posted by: koalatek | January 27, 2009 1:10 PM | Report abuse

The breach is but another confirmation that the level of hacker sophistication continues to evolve and that we must never underestimate their ingenuity or capacity for stealth. Unfortunately, I anticipate that this type of criminal activity will become even more prevalent during this period of economic turmoil. Therefore, it is imperative that business, the Obama Administration and the new Congress keep privacy, security and identity theft issues on the front burner.

Just as many public companies time the release of negative earnings reports to coincide with the end of the trading day on Friday, I am not surprised that disclosure of this particular breach was made on a Friday.

This breach is yet another reminder of why consumers must spend a few minutes every day reviewing online the activity in their bank and credit card accounts and feeling completely comfortable that every transaction they see is correct.

All the best,

Adam K. Levin
Chairman and Co-Founder
Identity Theft 911

Posted by: bdiggs | January 27, 2009 6:06 PM | Report abuse

Sounds like koalatek is suggesting that the Security Fix rss feed has been compromised! I'm referring to:

Maybe Brian can do some sleuthing to find out what that is going to try to do to your computer.

Posted by: josef2 | January 27, 2009 6:45 PM | Report abuse

FYI, Brian

I'm getting an entry for this feed named "Presented By:" Clicking it leads here:

But, first it routes through "".

Spam or advertising? Either way, this will not do. Hope you work it out.

Posted by: BrianAKATheDean | January 27, 2009 9:43 PM | Report abuse

About the 'Presented by:' RSS bookmark:

Shows for me as directing to

from website:

- "Pioneering RSS Advertising Solutions"
- "Turn your RSS traffic into money"

Advertising thru RSS. Where will it all end?

Posted by: xabbu | January 27, 2009 10:33 PM | Report abuse

While it is laudable to notify users of security attacks, I think should by strongly criticized for their handling of this matter. As Adam "bediggs" noted above, the timing of the press release is at a time that is least likely to be noted by the press. Additionally, according to the Symantec information (from link in article above) knew of the attack in August of 2007 – seventeen months ago! Clearly, such a delayed response prevented any users from having any timely information to effectively protect them.

Posted by: gyserprime | January 28, 2009 9:41 AM | Report abuse

Price Waterhouse Cooper and Carnegie-Mellon’s CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and its tie to overall enterprise (business) risk. Data breaches and thefts are due to a lagging business culture – absent a new eCulture, breaches will, and continue to, increase. As CIO, I look for ways to help my business and IT teams further their education. Check your local library: A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices.
The author, David Scott, has an interview that is a great exposure: -
The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a bad outcome - or worse, propagate one.

Posted by: johnfranks999 | January 28, 2009 2:25 PM | Report abuse

Data breaches are sure to increase in time if responsible energy is not put into digital security systems for commerce. That much is absolutely true. Staying up to date on these issues is another thing. I've been knocking around http://www.justaskgemalto trying to get a read on what the current technology is. I hear they may start up a blog to educate on the subject. Sure hope so.

Posted by: ThomasWhitney | January 28, 2009 4:55 PM | Report abuse

Josef2 should really pay attention to Andrew Klein's earlier comments. The hackers get more and more cleaver with their attacks and don't think for a minute that business and the government are not doing what they can to address the problem. The challenge is that no panacea solution has been devised just yet. The best answer to security today is for each of us to be aware of what's in our inbox and what activity is going against our online accounts.

Posted by: doughnut1 | January 28, 2009 6:29 PM | Report abuse

Without a doubt targeted phishing attacks are a possibility following the security breach at

But what I think a lot of people may be forgetting is that there is also a risk on many other websites. That's because many people (41% according to a survey by Sophos - see ) use the same password for *EVERY* website that they access.

So, if the bad guys have stolen your password on Monster, and also know your email address, they can probably try that password at your Yahoo, Gmail, Amazon, PayPal, eBay, etc etc etc websites too..

Websites need to be much more careful in securing their customers' data, but individuals also need to be much more sensible in their password choice.

Graham Cluley, Sophos

Posted by: Graham-Cluley | January 28, 2009 11:57 PM | Report abuse

Graham Cluley of Sophos completely misses the point in accusing individuals of responsibility in attacks such as the break-in.

No website should ever store the password in a recoverable form. Full stop, there is never an excuse for this poor decision.

They should only store it in a one-way encrypted format. When kept this way, the website can only verify whether you enter it correctly. No one can discover what your password is.

This is grade one elementary stuff for any security professional.

Posted by: eshark11 | January 29, 2009 7:11 AM | Report abuse

The Presented By entries exist across multiple WaPo blog feeds, and have been there for several weeks (in my experience), though this is the first time I've seen it on the SF feed. First noticed it in the Sports feeds. Would be curious to know more about what's going on and how the Post feeds are getting compromised.

Posted by: grounder | January 29, 2009 4:01 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company