Monster ravaged by hackers again

Hackers have cracked Monster's defences again

Jobs web site Monster has admitted to suffering yet another major breach of sensitive user information.

The company said in a statement that its servers had been breached, and that user IDs, passwords, email addresses, names, phone numbers and some basic demographic data had been compromised.

"In order to help assure the security of your information, you may soon be required to change your password on logging onto the site," said the company.

"We would also recommend you proactively change your password as an added precaution. We regret any inconvenience this may cause you, but feel it is important that you take these preventative measures."

Monster claimed that it does not ordinarily collect financially sensitive information like Social Security numbers, and that users' CVs had not been affected. However, users should be alert to suspicious emails and phishing attacks.

Graham Cluley, senior technology consultant at security firm Sophos, said: " One very real risk is that hackers will use the email addresses and personal information to mount a realistic phishing campaign to gather more sensitive information.

"Phishing emails which attempt to look more legitimate by using the recipient's real name and other personal information (such as ID, phone number or location) are always more successful."

This is the third time in three years that Monster's servers have been breached. The company was hit by an extensive phishing scam in 2008, and had 1.3 million details downloaded to servers in the Ukraine in 2007.