Monster “Accidentally” Leaks Customer Data
By: Jim Stickley and Tina Davis
November 2, 2019
Online job seekers found their resumes and other private information exposed in a recent database breach. Monster users from 2014 to 2017 were included in the breach, which primarily affected U.S. citizens. The personal information up for grabs includes phone numbers, home and email addresses, and prior work experience. There are currently no estimates of how many users were affected. Earlier this year, another popular recruitment site, Ladders, also found its customer PII (personally identifiable information) was publicly exposed. Monster claims the data exposure was inadvertent and not caused by bad actors, yet these accidental incidents continue to happen.
Monster's explanation is in line with a popular one: blame a third-party vendor that stored its customer PII. Similarly, Ladders also blamed a third-party service storing its customer PII. It appears both vendors had incorrect settings on their servers that led to accidental data exposure. Data storage providers for both recruitment services claim default privacy settings on each server were inadvertently set to “public.” That meant all data stored on the two servers was open to public viewing. All involved agree the exposure was accidental and not intended. But whether it was an “oops” moment or not, the individuals who had their PII exposed are still victims, and corporate responsibility for data protection is sorely needed.
Meanwhile, Monster claims it is “not in a position” to report how many customer accounts were affected. Regardless of the extent of the damage, it’s clearly up to individual users to be proactive about their own data security. Although we can only hope our PII is safely stored by others, we can better protect ourselves with a few commonsense measures:
- Always look to limit your PII to as few sites as possible.
- It makes sense to remove accounts you no longer use or need, and it’s worth taking a good look at what those accounts are. In this case, if you have a job and no longer need a Monster.com account, deleting it can limit your PII exposure.
- Be aware of the types of information you put out there, and never provide more than the minimum amount required. Oversharing PII can put your data at increased risk of exposure, and the less you share, the better.