There’s plenty of blame to go around here, but my guess is that someone at Monster.com is looking for a job today. Estimates have it that more than 1.25 million Monster.com users have had their personal information stolen. Most of those people were here in the United States. Monster.com was pretty slow in disclosing the breach and didn’t even seem to know about it until they were contacted by Symantec.
It started with hackers breaking into the site. The attack originated from compromised web servers in Ukraine, along with a network of compromised PCs controlled by the attackers. According to Reuters,
"Hackers broke into the U.S. online recruitment site’s password-protected resume library using credentials that Monster Worldwide Inc said were stolen from its clients, in one of the biggest Internet security breaches in recent memory."
Of course, "biggest" is a matter of perspective. I’m sure that Harry Potter disagrees. I bring up Harry Potter because the two incidents have a common thread: Email Socially Engineered Attack (eSEA). Symantec has some examples of these emails here.
The emails contained enough personal information and employment promises that many fell for them. Users who clicked on the link in the emails were infected with a Trojan dubbed Infostealer.Monstres.
There are recurring lessons to be learned here. I’m not quick to call it "blame". For sure, that will be assessed in the lawsuits that will follow from this. But as I see it, the contributing factors in this are:
- the breached servers in Ukraine
- the compromised PCs that formed the attack network
- the users that clicked on the link (and any that shared personal information via an email)
- Monster.com for not releasing this information sooner.