NASA Security Operations Center (SOC) General Security Bulletin Monster.com/USAJobs.gov Breach & Information Theft


Security Operations Center (SOC)

General Security Bulletin

Distribution: NASA Civil Servants & Contractors

Originator: Scott.Roberts@nasa.gov Date/Version: 2009.01.27.V1

Project Manager: John Wang

Subject: Monster.com/USAJobs.gov Breach & Information Theft

Summary: User information from USAJobs was compromised when their technology provider, Monster, was accessed without authorization.

Details: Monster, the technology provider for USAJobs.gov, was the target of an illegal attempt to access and extract information from their database. When the database was accessed, user contact and account data were taken.

The following information was compromised:

  • Monster User IDs
  • Monster User Passwords
  • User Email Addresses
  • User Names
  • User Phone Numbers
  • Demographic Information

The following information was not compromised:

  • User Social Security Number
  • User Financial Information
  • User Resumes

Mitigation:

Monster recommended the following mitigation steps:

  • Change Monster/USAJobs password. (This may be required by Monster/USAJobs in the future)
  • Be alert for phishing emails that may utilize information from this compromise. Monster will never send an unsolicited email asking users to confirm their username and password, nor will Monster ask users to download any software, "tool" or "access agreement" in order to use their Monster account. Do not follow any unsolicited links in email or download and install any unexpected applications or applications not requested.

The NASA SOC recommends the following actions: . In addition to resetting Monster.com/USAJobs.gov passwords, users should change the passwords of any NASA resource that is using the same or a similar password. . Do not use the same login and passwords for your NASA accounts as you would for your personal accounts.

Resources: The following links may provide further information regarding this malicious activity:

USA JOBS - Attention USAJOBS(R) Users: http://www.usajobs.com/securityNotice.asp

Monster January Security Communication: http://help.monster.com/besafe/jobseeker/index.asp

Monster Online User Security Center: http://my.monster.com/securitycenter/

The NASA SOC is tracking this threat. Users can contact the 24 x 7 x 365 NASA Security Operations Center (NASA SOC) Call Center with any questions at the following number: 1-877-NASA-SEC (1-877-627-2732)

Larger Image

PDF Version

Please follow SpaceRef on Twitter and Like us on Facebook.