USAJobs, the official job search site for the federal government, said Wednesday that more than 146,000 users had their account information stolen as a result of an attack on job search giant Monster.com earlier this month.
In mid August, attackers compromised Monster.com accounts gaining access to the company's resume database. With the help of a Trojan horse program targeted at Monster.com users, the attackers made off with the name, address, telephone number, and email address of at least 46,000 Monster.com users. Anti-virus giant Symantec later stated that as many as 1.6 million people may have had their information stolen in the attacks, which used e-mails that addressed recipients by their real names.
Turns out that Monster Worldwide is the technology provider for USAJobs, which is run by the U.S. Office of Personnel Management. Peter Graves, an OPM spokesperson, said 146,000 USAJobs users were affected by the Monster.com attacks. Graves said OPM has received assurances from Monster that Social Security numbers were not compromised.
OPM is in the latter stages of alerting all two million USAJobs.gov users to be on the lookout for phishing scams that might try to take advantage of the stolen data to make their scam e-mails appear more legitimate. Graves said the first signs of the attack surfaced in July, after the organization received a complaint from a USAJobs user.
Brian Krebs on Computer Security. The Washington Post Company