Monster.com Is hacked, Usernames and Password stolen!

By January 27, 2009 Security News 3 Comments

Monster.com has been hacked exposing usernames and passwords: Monster Hacked

If you used LastPass and used a generated a password, just login to Monster.com and generate a new one.

If you’re part of the majority of the population that uses the same password on every site, you should be worried. Some nefarious characters have your username and password to many of your sites. This is just another concrete example of why your current password management strategy of “none” or “tiered” is a bad idea. Unfortunately this isn’t rare, it’s the second time it’s happened to Monster.com!

Protect yourself. Use a different password on every site with LastPass. Here’s the basic instructions on how to use Generated Passwords with LastPass:

3 Comments

  • LastPass is an admirable company because it understands the weaknesses that major corporations have in protecting their data. Half a year after Monster’s security was breached, so was T-Mobile’s security. This is outrageous, and the government is STILL not enforcing stricter data protection requirements! LastPass is awesome because aside from constantly changing your password, users can keep their passwords from “sticking” to these company websites, which apparently are as easy to hack into as your 5th grade teacher’s grading spreadsheet on Excel.

  • Joe Siegrist says:

    If they did anything smart (like hash), I’m sure they’d tell people. If they had used a salted hash like we do, then they wouldn’t have had to force everyone to change their passwords.

    As it stands it’s exceptionally unprofessional to avoid notifying people when so many people use the same password everywhere.

  • RAD Moose says:

    Did they store their passwords in Clear Text??!?!

    BTW, I was out of town and for the most part off the net since last week and this is the first I heard of it.

    And their excuse for not notifying their customers was lame.

    Thanks for the info.