The theft of personal information among Monster.com customers may be a textbook case in the making. This wasn’t a sophisticated database hack but the use (probably) of social engineering to get legitimate passwords and then use duplicitous phishing schemes to trap those users. Most intriguing to me is not necessarily the extent of the problem or the methods involved but the choice of target in the attack.
We would normally consider bank customers, insurance customers or those with information in government databases as the biggest data repositories to worry about. As for job seekers, who cares? But on the other hand, what better way to find all kinds of details that would be used, conceivably, to make your pharming site look like a more trustworthy source? Some of the resumes in Monster’s database probably include not only the user’s personal details, but that of their references. It’s like having someone walk off with an attache case full of your biographical details. Scary.
Maybe it’s time for all of us to do a personal inventory of where we’ve posted our data, and whether that might one day become a target too.
