[ISN] Hackers steal info on users of federal job site

From: InfoSec News (alerts@private)
Date: Thu Aug 30 2007 - 23:27:46 PDT


http://www.govexec.com/dailyfed/0807/083007b1.htm

By Brittany R. Ballenstedt
Govexec.com  
August 30, 2007

Hackers have stolen the names and contact information of about 146,000 
job seekers on the USAJOBS Web site, the Office of Personnel Management 
revealed Wednesday.

Hackers gained access to subscribers' names, e-mail addresses and 
telephone numbers through the resume database maintained by Monster.com, 
the technology provider for USAJOBS, OPM said. Monster has told OPM that 
no Social Security numbers were compromised.

Access to the data was obtained via a Monster customer's computer using 
legitimate employer credentials. About 146,000 of the 2 million 
subscribers to the Web site were affected, with hackers likely intending 
to use the information to send counterfeit e-mails requesting further 
disclosure of information, OPM said.

Monster already has identified and shut down the server that was 
accessing and collecting the information. OPM is working with Monster to 
implement a long-term remedy to protect data.

OPM asked all USAJOBS subscribers to remain alert for counterfeit 
e-mails that may appear from Monster. "USAJOBS will never request 
personal information via unsolicited e-mail," OPM said in an alert 
posted to USAJOBS. "Monster has also assured us they will never ask any 
site users to download any software, tool or access agreement."

OPM is sending letters to subscribers to alert them of possible 
counterfeit e-mails. Individuals who receive a suspicious e-mail 
regarding a USAJOBS search should forward the e-mail to OPM at mayday 
(at) fedjobs.gov.


____________________________________
Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today! 
http://conference.hitb.org/hitbsecconf2007kl/



This archive was generated by hypermail 2.1.3 : Thu Aug 30 2007 - 23:39:18 PDT