The immensely popular job search Web site, Monster.co.uk, has revealed that hackers may have compromised as many as 4.5 million accounts stored on its site in the United Kingdom.
The job search and recruitment Web site will not release how many accounts have been affected by the data breach, according to ComputerWorldUK. com.
The Independent (U.K.) reports:
The recruitment giant Monster said hackers now hold confidential information contained on its database, including user names, passwords, telephone numbers, email addresses and "some basic demographic data."
The company said the stolen information did not include CVs, national insurance numbers, or personal financial data.
It is thought that 4.5 million people are registered with the Monster.co.uk Web site and could be affected by the breach, which, if confirmed, will be the largest data loss since the details of 25 million child benefit recipients went missing in 2007.
Job seekers who have an account with Monster.co.uk have been told to change their passwords and beware of any suspicious e-mails that may "phish" for additional personal details. In a prior data breach 18 months ago, hackers sent phishing e-mails after their attack to collect additional personal information.
Security analysts warn anyone who had an account to monitor their bank and card accounts because hackers may try to open bank accounts and credit cards with the stolen information.
While Jay Heiser, research vice president for Gartner, says it's an exaggeration to think hackers can compromise every Monster account holders' financial accounts, Web users need to pay closer attention to password management.
"The fact that most people do use the same password on multiple sites means that if passwords were stolen from Monster," he said, "it is possible for that password information from Monster to be made available to attackers, along with information from other sources, in support of attacks against bank accounts."
Heiser recommends that Web users make sure they have a different password, however troublesome, for each sensitive site they access.
He also said Monster's breach should teach businesses that software as a service, SaaS, is not safe.
For a pro and con article on the benefits and pitfalls of SaaS, read this article from CIO.com.