How The Monster.com Hack Could Have Been Avoided

Published 24th August 2007

As news of the a hacker attack on Monster.com, the world's largest job-seekers' Web site, filtered out yesterday morning, Cyber-Ark, the data vaulting and security specialist, says the serious data leakage could have been avoided if the site had maintained its database in a secure and encrypted format.

Newswire reports say that hundreds of thousands of people may have had their personal details, including their addresses and phone numbers, downloaded from Monster.com

Calum Macleod, European director for Cyber-Ark, said that the potentially serious security breach on Monster.com, which has details on 1.6 million people and potential jobs, was easily avoidable.

"Modern encryption and digital vaulting techniques mean that personal information uploaded to a Web site like Monster.com need only be decrypted when the database is interrogated," he said.

"Using this approach means that the data can be held securely on the Web server and, even if hackers succeeded in downloading the files, the fact that they were encrypted would render the data unreadable and therefore unusable," he added.

According to Macleod, Monster.com's problems may only just be beginning, as the hackers may use the personal details of its members to commit identity theft crimes, which could lead to a number of lawsuits being filed against the jobs Web site.

For more on the Monster.com Web site hack:

http://technology.timesonline.co.uk/tol/news/tech_and_web/article2301792.ece

For more on Cyber-Ark:

http://www.cyber-ark.com