Job seeker data exposed in possible Monster.com breach



A security researcher has uncovered an exposed web server on the Internet that stores resumes of job seekers from Monster's recruitment agency.

After a thorough review, the server found resumes and resumes for applicants from 2014 to 2017, many of which included private information such as telephone numbers, home addresses, e-mail addresses, and even job experience.

At this point, it is still unclear how many files were exposed on the server, but to put things in perspective, only one folder contained thousands of resumes from May 2017. In addition to the resumes, the immigrant server also found the immigration documentation for the work that Monster does not collect.

According to a statement by Monster's Chief Privacy Officer, Michael Jones, the server is not owned by the company itself, but by a recruitment client unnamed, with whom the company no longer works. However, Monster did not give the recruiting customer's name when he was pushed off TechCrunch,

Suspended server

After Monster was notified of the data leak, it notified the recruitment company of the problem and the exposed server was now secured.

Although direct access to data about the exposed server is no longer possible, hundreds of CVs and other documents submitted by jobseekers can be found in the cached results of search engines.

Since the data was not provided by Monster but by third parties, the company did not warn its users that their data was made available online. In fact, the company only admitted that user data was disclosed after the security researcher who discovered the server had been informed TechCrunch The thing.

READ  This app helped me get front-row sound from the back of a festival

Monster tried to distract responsibility for the data leak in a statement and said:

"Customers who gain access to Monster 's data – application materials and CVs – become owners of the data and are responsible for maintaining their security and, as customers own this data, they are responsible for notifying affected parties in the event of a breach A customer's database alone. "

While Monster was not required to report the data leak to regulators, other companies have begun to proactively warn their users in situations involving third parties.

About TechCrunch

Spread the good stuff:
This post contains affiliate links, to find out more information, please read our disclaimer.
The price written on this page is true as the time it is written. It may change at any moment.

Related Posts