Money was the motive in the Monster data mash, analysts say.
Patrick Martin, a senior product manager with Symantec, the company that first discovered the breach, says spammers sent out fake emails designed to create an illusion of trust among the victims.
Through the guise of recruiters contacting job seekers sourced on Monster.com, the spammers hoped to snag personal financial data and bank account numbers.
The emails also asked users to click on links loaded with infectious software viruses.
Monster says it continues to investigate how the virus, known as “Infostealer.Monstres,” could have infiltrated the company’s resume database and spammed upwards of 1.6 million users.
Monster says it shut down a rogue server that was accessing legitimate employer-client log-in credentials.
In one of the biggest security breaches in some time, compromised information included candidates’ names, addresses, phone numbers, and email addresses. The attack was carried out using two servers at a Web-hosting company in Ukraine.
In a statement, Monster said it is “currently analyzing the number of job seeker contacts impacted by this action and will be communicating with those affected as appropriate.”
However, the company first learned of the problem August 17 and allegedly waited five days, until August 22, to tell users its system had been hacked.
In the meantime, Monster says it is placing a security alert on the Monster.com security center.