Furthermore, as research has discovered that 41 percent of people use the same password for every website they access, many Monster and USAJobs users are likely to be at risk of their accounts on other websites are at risk of being hacked.
According to a warning published by Monster, other data stolen included users' email addresses, names, phone numbers and some demographic data. The incident follows a similar attack on both sites 18 months ago when hackers used the Monstres Trojan horse to steal details of jobseekers via recruiter accounts. That hack was unsurprisingly followed by a widespread phishing campaign.
Graham Cluley, senior technology consultant at Sophos commented:
According to media reports, Monster is not planning to warn its users via email about the security breach, but instead posted an advisory on its website.Customers of both Monster and USAJobs have been placed at serious risk because of this attack.
One very real risk is that the hackers will use the email addresses and personal information they have stolen to mount a very realistic phishing campaign to gather more sensitive information from the victims. But, that's just the tip of the iceberg - since so many people use the same password for every website, there's a good chance the cybercriminals will be able access users' bank accounts and other sites.
- continued Cluley.There will be a few raised eyebrows about how Monster is choosing to inform its members of this serious security breach. As the company's database was hacked in what appears to have been a similar attack in 2007, customer confidence in the company may be damaged following this latest incident
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.