Comments on: 1.6 million records stolen from monster.com http://www.cheezhead.com/2007/08/20/monster-trojan-horse/ Insight and opinion from the world of employment. Fri, 13 Nov 2009 04:01:22 -0700 http://wordpress.org/?v=2.8.6 hourly 1 By: youtuber http://www.cheezhead.com/2007/08/20/monster-trojan-horse/comment-page-1/#comment-114719 youtuber Tue, 26 Aug 2008 12:26:08 +0000 http://www.cheezhead.com/2007/08/20/monster-trojan-horse/#comment-114719 1.6m is certainly not a small number... hope im not in there somewhere 1.6m is certainly not a small number… hope im not in there somewhere

]]> By: naughty3232 http://www.cheezhead.com/2007/08/20/monster-trojan-horse/comment-page-1/#comment-75972 naughty3232 Fri, 11 Jan 2008 16:29:41 +0000 http://www.cheezhead.com/2007/08/20/monster-trojan-horse/#comment-75972 I get an average of 20 emails a day from Monster. Hopefully, this will be fixed I get an average of 20 emails a day from Monster. Hopefully, this will be fixed

]]> By: fel3232 http://www.cheezhead.com/2007/08/20/monster-trojan-horse/comment-page-1/#comment-58124 fel3232 Sat, 27 Oct 2007 17:50:44 +0000 http://www.cheezhead.com/2007/08/20/monster-trojan-horse/#comment-58124 Me too, I get a lot of garbage from Monster, it's a shame. Me too, I get a lot of garbage from Monster, it’s a shame.

]]> By: Donnie http://www.cheezhead.com/2007/08/20/monster-trojan-horse/comment-page-1/#comment-47921 Donnie Fri, 07 Sep 2007 10:03:38 +0000 http://www.cheezhead.com/2007/08/20/monster-trojan-horse/#comment-47921 How much do you think was paid to Mr Behind-the-Scenes for this information? How many companies have just accidently lost information, and how long are we as a society going to keep giving out our personal data to these shysters? These data security issues seem to be more a cash-in of customer trust than an actual incident. They get a list of a million active names, addresses, work history, salary information, phone numbers... they sell it to the highest bidder, download it and when the phishing starts, Monster claims SECURITY BREACH!!!! Ya I believe it...... How much do you think was paid to Mr Behind-the-Scenes for this information? How many companies have just accidently lost information, and how long are we as a society going to keep giving out our personal data to these shysters?

These data security issues seem to be more a cash-in of customer trust than an actual incident. They get a list of a million active names, addresses, work history, salary information, phone numbers… they sell it to the highest bidder, download it and when the phishing starts, Monster claims SECURITY BREACH!!!!

Ya I believe it……

]]> By: bug_girl http://www.cheezhead.com/2007/08/20/monster-trojan-horse/comment-page-1/#comment-46731 bug_girl Fri, 31 Aug 2007 12:56:04 +0000 http://www.cheezhead.com/2007/08/20/monster-trojan-horse/#comment-46731 I just got a disturbing notice from USAjobs, which uses monster software, that the breach extended into their website as well. http://www.usajobs.gov/securityNotice.asp I just got a disturbing notice from USAjobs, which uses monster software, that the breach extended into their website as well.

http://www.usajobs.gov/securityNotice.asp

]]> By: Joe Stubblebine http://www.cheezhead.com/2007/08/20/monster-trojan-horse/comment-page-1/#comment-45496 Joe Stubblebine Fri, 24 Aug 2007 19:02:18 +0000 http://www.cheezhead.com/2007/08/20/monster-trojan-horse/#comment-45496 This is a big problem, but it happens all the time. There's a software tool called InfoGist that allows any recruiter to suck tens of thousands of contact records from major job boards. This is a big problem, but it happens all the time. There’s a software tool called InfoGist that allows any recruiter to suck tens of thousands of contact records from major job boards.

]]> By: karen m http://www.cheezhead.com/2007/08/20/monster-trojan-horse/comment-page-1/#comment-45475 karen m Fri, 24 Aug 2007 14:48:42 +0000 http://www.cheezhead.com/2007/08/20/monster-trojan-horse/#comment-45475 Should I ask for forgiveness for what I will say here? Nah, Shoot, there seems to be a bit of hypocrisy going on here.. Monster gets a major breach, and Wow, this is such a Controversy, YET RECRUITERS every day will utilize programs - IE Jigsaw, that has the potential for as much harm as this attack did, and -- Yet, this is what get's a raised Eyebrow? No mention of Recruiters sending Resumes w/o permission from the Candidates to jobs that may not exist, and compromising their own efforts? No mention of Selling Data on Programs without permission from that individual? Ah, sorry, I guess, another Rant and Rage about this VERY topic from Karen Mattonen.. It is amazing what will stir the hornets nest, but it is my personal opinion that there is not much difference to what Some Recruiters may and will do Intentionally - compared to the breach of Monster's database. Karen Mattonen.. Should I ask for forgiveness for what I will say here? Nah, Shoot, there seems to be a bit of hypocrisy going on here.. Monster gets a major breach, and Wow, this is such a Controversy, YET RECRUITERS every day will utilize programs – IE Jigsaw, that has the potential for as much harm as this attack did, and — Yet, this is what get’s a raised Eyebrow?

No mention of Recruiters sending Resumes w/o permission from the Candidates to jobs that may not exist, and compromising their own efforts? No mention of Selling Data on Programs without permission from that individual?

Ah, sorry, I guess, another Rant and Rage about this VERY topic from Karen Mattonen.. It is amazing what will stir the hornets nest, but it is my personal opinion that there is not much difference to what Some Recruiters may and will do Intentionally – compared to the breach of Monster’s database.

Karen Mattonen..

]]> By: The Trumpasaurus http://www.cheezhead.com/2007/08/20/monster-trojan-horse/comment-page-1/#comment-45365 The Trumpasaurus Thu, 23 Aug 2007 11:47:59 +0000 http://www.cheezhead.com/2007/08/20/monster-trojan-horse/#comment-45365 Masses, listen up! I represent the International Brotherhood of Trumpasaurai (of which there are one, frequently seen at trade shows.) I am extremely displeased with you all. You have not lain down and accepted the word of my master (monster.com) as golden. How dare you. Let me set the record straight, right here, right now. 1. It is not *our* fault that we lost all of those candidate records to bad people who want to steal nice human identities. It's yours. You dumb clients better stop messing up our nice resume database by catching viruses. 2. If my master says that he has no direct knowledge that a virus even exists, and that identity theft exists, you will listen to our repudiation of objective reality. You will accept monster-reality. 3. Even if viruses do exist, they only downloaded information found in a phone book. That is why we charge so much money for access to the resume database. It takes many phone books to store this information. You should see master's closet. It's just shoes and phone books. 4. I had a dream last night that master couldn't tell the difference between a human downloading a resume vs. a machine (like the Monster Partner program). That would mean that all of those nice humans that designed the Monster partner program and gave it to ATSes exposed a gaping flaw in their security. Then I woke up though and forgot all about that. 4. I expect two things from my master's clients: * Pay your invoices like good humans and don't complain about increased rates. * Stop questionining master. You are too simple to question the mind of his greatness. If you would like to respond to me via human mail, I can be found at: Office of the Trumpasaurus Monster.com Maynard, MA 54678 ATTN: Garbage Pile Sincerely, The Trumpasaurus Masses, listen up!

I represent the International Brotherhood of Trumpasaurai (of which there are one, frequently seen at trade shows.)

I am extremely displeased with you all. You have not lain down and accepted the word of my master (monster.com) as golden.

How dare you.

Let me set the record straight, right here, right now.

1. It is not *our* fault that we lost all of those candidate records to bad people who want to steal nice human identities. It’s yours. You dumb clients better stop messing up our nice resume database by catching viruses.

2. If my master says that he has no direct knowledge that a virus even exists, and that identity theft exists, you will listen to our repudiation of objective reality. You will accept monster-reality.

3. Even if viruses do exist, they only downloaded information found in a phone book. That is why we charge so much money for access to the resume database. It takes many phone books to store this information. You should see master’s closet. It’s just shoes and phone books.

4. I had a dream last night that master couldn’t tell the difference between a human downloading a resume vs. a machine (like the Monster Partner program). That would mean that all of those nice humans that designed the Monster partner program and gave it to ATSes exposed a gaping flaw in their security. Then I woke up though and forgot all about that.

4. I expect two things from my master’s clients:

* Pay your invoices like good humans and don’t complain about increased rates.

* Stop questionining master. You are too simple to question the mind of his greatness.

If you would like to respond to me via human mail, I can be found at:

Office of the Trumpasaurus
Monster.com
Maynard, MA 54678
ATTN: Garbage Pile

Sincerely,

The Trumpasaurus

]]> By: Recruiting Fly Guy http://www.cheezhead.com/2007/08/20/monster-trojan-horse/comment-page-1/#comment-45326 Recruiting Fly Guy Thu, 23 Aug 2007 02:17:26 +0000 http://www.cheezhead.com/2007/08/20/monster-trojan-horse/#comment-45326 For the past few years the Monster site has reminded me more of a lead generation tool for their advertisers rather than a place for people to find jobs. This trojan horse issue can directly be attributed to the overall strategies set in place by their management. The 'new' management is not off to a good start here. The problem in my mind still lies in the fact that their ultimate customer is the shareholder, thus their growth must come from squeezing every available dollar from the poor job seeker to maintain growth. With this model the job seeker always loses. For the past few years the Monster site has reminded me more of a lead generation tool for their advertisers rather than a place for people to find jobs. This trojan horse issue can directly be attributed to the overall strategies set in place by their management. The ‘new’ management is not off to a good start here. The problem in my mind still lies in the fact that their ultimate customer is the shareholder, thus their growth must come from squeezing every available dollar from the poor job seeker to maintain growth. With this model the job seeker always loses.

]]> By: Lean B. http://www.cheezhead.com/2007/08/20/monster-trojan-horse/comment-page-1/#comment-45312 Lean B. Wed, 22 Aug 2007 23:30:38 +0000 http://www.cheezhead.com/2007/08/20/monster-trojan-horse/#comment-45312 So, since Monster.com can't tell programmatic access to its site from direct access nor do they secure their own site from "talking to itself", based on their responses in these articles: http://www.pcworld.com/article/id,136154-pg,1/article.html and here: http://www.forbes.com/technology/2007/08/20/symantec-monster-research-tech-cx_0820darkreading.html This compounded with the fact that their alliances program apparently further extends this lack of security to third parties (see here): http://info.monster.com/alliances/hrvendor.asp with no basic checks and balances is just lazy and poor management of private information. And don't try and tell me that resume information isn't “private”... I'm assured multiple times throughout the account creation process that my information is both private and secure. What's worse is that their "security model" seems to cross all their offerings including those that provide companies with their own career web sites, so are those using Monster.com for that compromised or at least at risk? I know that our company let's those with Monster.com profiles "push" those into our systems and that Monster requires that you have an account on Monster before you can easily get to our jobs. All I can say is no thanks... Lot's of sites can drive candidate traffic and at least some of them seem to care about the fact that they sit between my jobs and my potential future employees' privacy. So, since Monster.com can’t tell programmatic access to its site from direct access nor do they secure their own site from “talking to itself”, based on their responses in these articles:

http://www.pcworld.com/article/id,136154-pg,1/article.html

and here:

http://www.forbes.com/technology/2007/08/20/symantec-monster-research-tech-cx_0820darkreading.html

This compounded with the fact that their alliances program apparently further extends this lack of security to third parties (see here):

http://info.monster.com/alliances/hrvendor.asp

with no basic checks and balances is just lazy and poor management of private information. And don’t try and tell me that resume information isn’t “private”… I’m assured multiple times throughout the account creation process that my information is both private and secure.

What’s worse is that their “security model” seems to cross all their offerings including those that provide companies with their own career web sites, so are those using Monster.com for that compromised or at least at risk? I know that our company let’s those with Monster.com profiles “push” those into our systems and that Monster requires that you have an account on Monster before you can easily get to our jobs.

All I can say is no thanks… Lot’s of sites can drive candidate traffic and at least some of them seem to care about the fact that they sit between my jobs and my potential future employees’ privacy.

]]>