Monster's data theft issue keeps on growing

Monster.com's fiasco, in which advertising led to data theft, keeps getting bigger the more time goes past. The story originally broke (at least when we first saw it) over the weekend, and by now the number of potentially affected users is over a million, depending on which news story you read. There is a certain amount of sensationalism here, and malware embedded in advertising is not a new thing; been there, done that.

The personal information filched from Monster.com includes names, e-mail addresses, home address, phone numbers and resume identification numbers, said Hidalgo, who traced the data to a remote server used by the attackers to store the stolen information. Infostealer.Monstres ripped off Monster.com by using legitimate log-ins, likely stolen from recruiters and human resource personnel who have access to the “Monster for employers” areas of the site. Source: PCWorld

Some good background on this story can be found here and here, and it is no surprise that the information security field is all wrapped up about this. Realistically, there was no way for Monster to know that the advertising carried malware, and the advertising was more than likely served by some third-party system somewhere in the world. Monster.com, though, has been remarkably silent about the whole issue to date. There is absolutely nothing on the Monster.com landing page to indicate that anything is amiss.

That is the real issue: Monster says nothing, while Symantec and everyone else and their brothers and sisters are talking about the issue. This is mainstream news, but Monster is remarkably silent on the matter. They need better PR, and they need to start talking to people, to the press, and on their own web site, before the numbers keep rising sensationally.

Monster, where are you?

One Response to “Monster's data theft issue keeps on growing”

  1. […] time (that is when we got it). This is nine days after the initial reported thefts can be found here. Unfortunately it ended up with a blurb about phishing, which had nothing to do with what was […]
