About 146 000 people using a US government jobs Web site had their personal information stolen by hackers who broke into computers at Monster Worldwide, a government spokesman said yesterday.
The theft on the USAjobs.gov site, which has about two million users, was part of a hacking operation apparently run out of Ukraine that Monster disclosed last week, said Peter Graves, a spokesman for the US Office of Personnel Management.
Monster runs the site on behalf of the government.
On Wednesday, the government temporarily restricted recruiters from accessing the database until Monster completes efforts to ensure its computer system is secure, Graves said.
"We disabled it yesterday as an extra precaution on our part to best protect our users," he said by telephone late yesterday.
He said the government expected to restore that access by today.
The information stolen from the USAjobs.gov database included names, mailing addresses, phone numbers and e-mail addresses. Social security numbers, which are encrypted in the database, were not compromised, Graves said.
The government found out the site had been compromised on 20 July, when a subscriber submitted what appeared to be a fraudulent e-mail, Graves said.
Officials with the US agency immediately passed the information on to Monster, the government spokesman said.
Monster problem
That appeared to differ from an earlier statement from Monster Worldwide. CEO Sal Iannuzzi said on Wednesday that the company only learned its systems might have been compromised on 18 August, when researchers with security company Symantec notified it of the matter.
Officials with Monster could not be reached for comment yesterday.
A Symantec response team in Austin, Texas, had found the hackers had managed to get unsuspecting PC users to download malicious software on to their computers so that the culprits could gain control of their PCs.
Such software is generally distributed via spam e-mail attachments and by compromised Web sites. When users open those attachments or click on links on those sites, their PCs become infected.
From a command and control centre hosted on a server at a Web hosting company in Ukraine, the thieves took control of those PCs and used them to access Monster's site using stolen credentials of job recruiters. The malicious software then sent the information to a second server in Ukraine, which Monster said was shut down on about 23 August.
The hackers' ultimate goal was to launch so-called phishing attacks on the jobseekers whose data was taken, according to Monster and Symantec. In such schemes, hackers use the stolen data to persuade their targets to provide financial information or download malicious software.
In the case of the Monster theft, these fraudulent e-mails were sent by people purporting to be job recruiters.
What makes phishing schemes particularly damaging, compared with other scams over the centuries, is that, through the Internet, criminals have quick access to millions of targets and an easier time evading justice.
It was not till Wednesday that Monster notified the US jobs agency how much data had been stolen from the USAjobs database, Graves said. "We didn't know the extent," he said. "We learned the extent yesterday."
The government followed up by posting a notice on the jobs site warning users that they might be victims of phishing attempts, and also contacted users individually via e-mail, Graves said.
Share