Security Operations Center (SOC)
General Security Bulletin
Distribution: NASA Civil Servants & Contractors
Originator: Scott.Roberts@nasa.gov Date/Version: 2009.01.27.V1
Project Manager: John Wang
Subject: Monster.com/USAJobs.gov Breach & Information Theft
Summary: User information from USAJobs was compromised when their technology provider, Monster, was accessed without authorization.
Details: Monster, the technology provider for USAJobs.gov, was the target of an illegal attempt to access and extract information from their database. When the database was accessed, user contact and account data were taken.
The following information was compromised:
The following information was not compromised:
Monster recommended the following mitigation steps:
The NASA SOC recommends the following actions: . In addition to resetting Monster.com/USAJobs.gov passwords, users should change the passwords of any NASA resource that is using the same or a similar password. . Do not use the same login and passwords for your NASA accounts as you would for your personal accounts.
Resources: The following links may provide further information regarding this malicious activity:
USA JOBS - Attention USAJOBS(R) Users: http://www.usajobs.com/securityNotice.asp
Monster January Security Communication: http://help.monster.com/besafe/jobseeker/index.asp
Monster Online User Security Center: http://my.monster.com/securitycenter/
The NASA SOC is tracking this threat. Users can contact the 24 x 7 x 365 NASA Security Operations Center (NASA SOC) Call Center with any questions at the following number: 1-877-NASA-SEC (1-877-627-2732)