Jan 27, 2009

Monster.com Is hacked, Usernames and Password stolen!

Monster.com has been hacked exposing usernames and passwords:

Monster Hacked

If you used LastPass and used a generated a password, just login to Monster.com and generate a new one.

If you're part of the majority of the population that uses the same password on every site, you should be worried. Some nefarious characters have your username and password to many of your sites. This is just another concrete example of why your current password management strategy of "none" or "tiered" is a bad idea. Unfortunately this isn't rare, it's the second time it's happened to Monster.com!

Protect yourself -- use a different password on every site with LastPass. Here's the basic instructions on how to use Generated Passwords with LastPass:

3 comments:

  1. Did they store their passwords in Clear Text??!?!

    BTW, I was out of town and for the most part off the net since last week and this is the first I heard of it.

    And their excuse for not notifying their customers was lame.

    Thanks for the info.

    ReplyDelete
  2. If they did anything smart (like hash), I'm sure they'd tell people. If they had used a salted hash like we do, then they wouldn't have had to force everyone to change their passwords.

    As it stands it's exceptionally unprofessional to avoid notifying people when so many people use the same password everywhere.

    ReplyDelete
  3. LastPass is an admirable company because it understands the weaknesses that major corporations have in protecting their data. Half a year after Monster's security was breached, so was T-Mobile's security. This is outrageous, and the government is STILL not enforcing stricter data protection requirements! LastPass is awesome because aside from constantly changing your password, users can keep their passwords from “sticking” to these company websites, which apparently are as easy to hack into as your 5th grade teacher's grading spreadsheet on Excel.

    ReplyDelete