Monster says millions of users' data may be stolen

By Jim Finkle and Nick Zieminski

BOSTON/NEW YORK (Reuters) - The theft of contact information for job seekers in the database of Monster Worldwide Inc was greater than the 1.3 million individuals the company reported last week, Chief Executive Sal Iannuzzi said on Wednesday.

While investigating the recent theft, the company learned that its Web site had previously been hacked.

"We're assuming it is a large number. It could easily be in the millions," Iannuzzi said in an interview with Reuters.

The hackers didn't get the kind of information it takes to pull money out of a bank account, according to Monster.com, but the contact data is valuable to criminals who use social engineering techniques to conduct scams.

Contact data provide criminals just enough information to convince some recipients to let their guard down because the use of personal information and other social engineering techniques make the e-mails seem legitimate.

Some Monster.com job seekers who had posted their resumes on the site received e-mails from alleged recruiters. They said they had seen their resumes on the site and wanted them to provide bank account information to complete job applications.

Other e-mails sent to Monster.com users asked them to click on links that loaded malicious software onto their computers. Such programs can be used to steal financial information entered onto the PC, or to secretly launch similar attacks on other computers.

Monster said that while it knows its database has previously been compromised, it is unable to ascertain how often it has happened or how much data has been stolen.  Continued...